3 matches found
Information disclosure
The Sprint jump aka air.com.ilaz.appilas application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-5545
The Sprint jump aka air.com.ilaz.appilas application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-5545
The CVE-2014-5545 entry documents a vulnerability in the Sprint jump (aka air.com.ilaz.appilas) Android app, where the application does not verify X.509 certificates from SSL servers. The underlying issue is missing certificate validation, which allows a man-in-the-middle attacker to spoof server...