9 matches found
Design/Logic Flaw
Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information from encrypted communications via a crafted certificate...
CVE-2015-0874
Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information from encrypted communications via a crafted certificate...
CVE-2015-0874
Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information from encrypted communications via a crafted certificate...
CVE-2015-0874
CVE-2015-0874 affects Smartphone Passbook 1.0.0, which fails to verify X.509 certificates from SSL servers. This allows a man-in-the-middle to eavesdrop on encrypted communications via a crafted certificate, as described in multiple sources (NVD/National CVE record and JVN entries). The practical...
Ogaki Kyoritsu bank Smartphone Passbook Security Bypass Vulnerability
Ogaki Kyoritsu bank Smartphone Passbook is a suite of mobile banking passbook applications from Ogaki Kyoritsu Bank Corporation in Japan. A security bypass vulnerability exists in Ogaki Kyoritsu bank Smartphone Passbook, which can be exploited by remote attackers to conduct man-in-the-middle...
Ogaki Kyoritsu bank Smartphone Passbook for Android Information Disclosure Vulnerability
Ogaki Kyoritsu bank Smartphone Passbook is a suite of mobile banking passbook applications from Ogaki Kyoritsu Bank Corporation in Japan. Ogaki Kyoritsu bank Smartphone Passbook fails to securely create log files containing sensitive data, allowing an attacker to exploit vulnerabilities to obtain...
CVE-2015-0875
The Ogaki Kyoritsu Bank Smartphone Passbook for Android (Ver. 1.0.0) creates log files that contain user input data, enabling reading of sensitive information by anyone with access to the log. Multiple sources (NVD/CNVD/JVN) document an information-disclosure vulnerability arising from logging us...
Smartphone Passbook fails to verify SSL server certificates
Overview Smartphone Passbook provided by Ogaki Kyoritsu bank Ltd. fails to verify SSL server certificates. Hiroshi Kumagai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow...
JVN#14522790: Smartphone Passbook fails to verify SSL server certificates
Smartphone Passbook provided by Ogaki Kyoritsu bank Ltd. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by...