Windows Live Hotmail PUSH mail - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities

HackApp vulnerability scanner discovered that application Windows Live Hotmail PUSH mail published at the 'play' market has multiple vulnerabilities...

CVE-2014-5854

The Windows Live Hotmail PUSH mail aka com.clearhub.wl application 1.00.97 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-5854

The CVE-2014-5854 entry concerns the Windows Live Hotmail PUSH mail app (com.clearhub.wl) for Android, version 1.00.97, which does not verify X.509 certificates from SSL servers. This allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. T...

CVE-2014-5854

The Windows Live Hotmail PUSH mail aka com.clearhub.wl application 1.00.97 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...