Lucene search

64 matches found

Positive Technologies
added 2019/04/18 12:0 a.m. · 3 views

PT-2019-10014 · Square +1 · Okhttp +1

Name of the Vulnerable Software and Affected Versions: OkHttp versions 3.x through 3.12.0 Description: The issue in OkHttp allows man-in-the-middle attackers to bypass certificate pinning. This is achieved by changing SSLContext and boolean values while hooking the application. Recommendations: F...

5.9 CVSS · 6 AI score · 0.02477 EPSS
Exploits: 1 · References: 25
NVD
added 2014/10/25 9:55 p.m. · 21 views

CVE-2014-5075

The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof...

6.8 CVSS · 6.3 AI score · 0.00924 EPSS
Exploits: 0 · References: 4
securityvulns
added 2014/08/11 12:0 a.m. · 96 views

CVE-2014-5075 MitM Vulnerability in the Smack XMPP Library for Java

Smack http://www.igniterealtime.org/projects/smack/ is an Open Source XMPP Jabber client library for instant messaging and presence written in Java. Smack prior ...

6.8 CVSS · 0.8 AI score · 0.0123 EPSS
Exploits: 0
myhack58
added 2014/05/02 12:0 a.m. · 14 views

Ruby OpenSSL CA private key forgery vulnerability-vulnerability warning-the black bar safety net

The Ruby OpenSSL CA private key forgery vulnerability require 'rubygems' require 'openssl' require 'digest/md5' key = OpenSSL::PKey::RSA.new(2048) cipher = OpenSSL::Cipher::AES.new(256, :CBC) ctx = OpenSSL::SSL::SSLContext.new puts "Spoof must be in DER format and saved as root.cer" raw =...

1.4 AI score
Exploits: 0