13 matches found
EUVD-2017-14962
Malware in sbrugna...
EUVD-2017-16230
Malware in sbrugna...
Starscream 2.0.3 SSL Pinning Bypass Vulnerability
WebSocket.swift in Starscream versions 2.0.3 and below allows an SSL Pinning bypass because of incorrect management of the certValidated variable it can be set to true but cannot be set to false. An attacker can achieve traffic interception from a man-in-the-middle position, first by resetting th...
CVE-2017-7192
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable it can be set to true but cannot be set to false...
CVE-2017-5887
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function this is too late; pinning should occur in the initStreamsWithData function...
Design/Logic Flaw
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable it can be set to true but cannot be set to false...
CVE-2017-5887
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function this is too late; pinning should occur in the initStreamsWithData function...
CVE-2017-7192
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable it can be set to true but cannot be set to false...
Design/Logic Flaw
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function this is too late; pinning should occur in the initStreamsWithData function...
CVE-2017-5887
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function this is too late; pinning should occur in the initStreamsWithData function...
CVE-2017-5887
CVE-2017-5887 affects Starscream’s WebSocket.swift prior to version 2.0.4. The vulnerability is an SSL pinning bypass caused by where pinning is performed: pinning occurs in the stream function, which is later than appropriate; pinning should be established in initStreamsWithData. This misplaceme...
CVE-2017-7192
The CVE-2017-7192 entry concerns the Starscream WebSocket library (WebSocket.swift) up to version 2.0.3, where SSL pinning can be bypassed due to incorrect handling of certValidated (it can be set to true but not to false). This enables a man-in-the-middle attack during re-connection after a TCP ...
Unauthorized access via starscream/skank in ISS RealSecure
In default installation addtional rights are granted to user account skank from starscream host...