6 matches found
CVE-2017-5887
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function this is too late; pinning should occur in the initStreamsWithData function...
CVE-2017-7192
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable it can be set to true but cannot be set to false...
Design/Logic Flaw
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable it can be set to true but cannot be set to false...
CVE-2017-7192
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable it can be set to true but cannot be set to false...
CVE-2017-7192
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable it can be set to true but cannot be set to false...
CVE-2017-7192
The CVE-2017-7192 entry concerns the Starscream WebSocket library (WebSocket.swift) up to version 2.0.3, where SSL pinning can be bypassed due to incorrect handling of certValidated (it can be set to true but not to false). This enables a man-in-the-middle attack during re-connection after a TCP ...