2 matches found
Whisper - Customized SSL, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities
HackApp vulnerability scanner discovered that application Whisper published at the 'play' market has multiple vulnerabilities...
CVE-2014-5808
The CVE-2014-5808 entry concerns The Whisper (aka sh.whisper) Android app version 4.0.6, which does not verify X.509 certificates from SSL servers. This misconfiguration enables MITM attackers to spoof servers and potentially obtain sensitive information via a crafted certificate, with a CVSSv2 b...