20 matches found
EUVD-2020-23827
Malware in sbrugna...
EUVD-2020-16277
Malware in sbrugna...
EUVD-2020-23826
Malware in sbrugna...
CVE-2020-36284
Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code MAC which is generated based on a secret key which is NULL...
CVE-2020-36284
Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code MAC which is generated based on a secret key which is NULL...
CVE-2020-36285
Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code MAC which is generated based on a secret key which is NULL...
CVE-2020-36285
Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code MAC which is generated based on a secret key which is NULL...
CVE-2020-23533
Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code MAC which is generated based on a secret key which is NULL...
CVE-2020-23533
Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code MAC which is generated based on a secret key which is NULL...
Design/Logic Flaw
Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code MAC which is generated based on a secret key which is NULL...
Design/Logic Flaw
Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code MAC which is generated based on a secret key which is NULL...
Design/Logic Flaw
Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code MAC which is generated based on a secret key which is NULL...
CVE-2020-36285
CVE-2020-36285 concerns Union Pay for iOS up to version 3.3.12. The vulnerability is described as CWE-347: Improper Verification of Cryptographic Signature, where an authentication code (MAC) is generated based on a secret key that is NULL/empty. This permits attackers to shop for free on merchan...
CVE-2020-36285
Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code MAC which is generated based on a secret key which is NULL...
CVE-2020-36284
The CVE-2020-36284 issue affects UnionPay on Android versions prior to 3.4.93.4.9. Root cause: improper verification of cryptographic signatures (CWE-347) due to a MAC generated based on a secret key that is NULL. Impact: attackers can shop for free on merchants’ websites and mobile apps by craft...
CVE-2020-36284
Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code MAC which is generated based on a secret key which is NULL...
CVE-2020-23533
Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code MAC which is generated based on a secret key which is NULL...
CVE-2020-23533
CVE-2020-23533 affects Union Pay web versions up to 1.2.0 and is linked to a CWE-347 vulnerability: improper verification of a cryptographic signature. An attacker can craft an authentication code (MAC) generated from a NULL/empty key to make free purchases on merchant websites and mobile apps. C...
Union Pay web 数据伪造问题漏洞
UnionPay web is an application of China UnionPay Corporation UnionPay. A security vulnerability exists in Union Pay for web versions prior to 1.2.0, which stems from a Password Signature Improper Verification vulnerability that can be exploited by an attacker to make free purchases on a merchant'...
PT-2021-10906 · Union Pay · Union Pay
Name of the Vulnerable Software and Affected Versions: Union Pay versions up to 1.2.0 Description: The issue allows attackers to shop for free in merchants' websites and mobile apps via a crafted authentication code MAC generated based on a secret key which is NULL. This is due to an improper...