WAON service app for Android fails to verify SSL server certificates

Overview WAON service app for Android provided by AEON CO., LTD. fails to verify SSL server certificates. Gaku Taniguchi of RiskFinder,inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle...

CVE-2016-4832

WAON "Service Application" for Android 1.4.1 and earlier does not verify SSL certificates...

CVE-2016-4832

WAON "Service Application" for Android 1.4.1 and earlier does not verify SSL certificates...

CVE-2016-4832

The WAON Service App for Android (version 1.4.1 and earlier) fails to verify SSL server certificates, enabling potential MITM eavesdropping on encrypted connections. This vulnerability is documented by multiple sources (e.g., JVNDB-2016-000124 and JVN #68364327) and is tied to the WAON Android ap...

CVE-2016-4832

WAON "Service Application" for Android 1.4.1 and earlier does not verify SSL certificates...

AEON WAON for Android Security Bypass Vulnerability

AEON WAON for Android is an Android-based rechargeable contactless smart card product from AEON Japan for use in the Japanese electronic money system. A security bypass vulnerability exists in AEON WAON for Android version 1.4.1 and earlier versions, which can be exploited by attackers to conduct...

JVN#68364327: WAONサービスアプリ App for Android fails to verify SSL server certificates

WAONサービスアプリ App for Android provided by AEON CO., LTD. fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the information provided by...