
11 matches found

Positive Technologies
added 2025/09/15 12:0 a.m., 4 views

PT-2025-37566

Name of the Vulnerable Software and Affected Versions: AVTECH EagleEyes version 2.0.0
Description: The custom X509TrustManager used in the checkServerTrusted function only checks the certificate's expiration date, bypassing proper TLS chain validation.
Recommendations: At the moment, there is no...

CVSS 8.8, AI score 6.2, EPSS 0.00064
Exploits: 3, References: 4
Veracode
added 2017/05/15 7:40 a.m., 12 views

Man-in-the-Middle (MitM)

cordova-plugin-file-transfer is susceptible to man-in-the-middle (MitM) attacks. The attacks are possible because the X509TrustManager fails to validate SSL certificates in the checkServerTrusted method, allowing any SSL certificate to connect to the server over SSL/TLS...

AI score 6.5
Exploits: 0
myhack58
added 2016/12/01 12:0 a.m., 36 views

Simple app-side security vulnerabilities: arbitrary debugging vulnerability, man-in-the-middle hijacking vulnerability and encryption algorithm vulnerability - vulnerability warning - the black bar safety net

Last week we introduced the app-side backup-enabled vulnerability and the local denial-of-service vulnerability; this week we finish with the last three common app-side vulnerabilities: arbitrary debugging vulnerabilities, MiTM hijacking vulnerability and the...

AI score 7.9
Exploits: 0
myhack58
added 2016/09/14 12:0 a.m., 14 views

Android security: HTTPS man-in-the-middle attack vulnerability - vulnerability warning - the black bar safety net

0X01 Overview: HTTPS is a network security transmission protocol that uses SSL/TLS to encrypt data packets, providing network server authentication and protecting the privacy and integrity of exchanged data. A man-in-the-middle attack (abbreviation: MITM) refers to...

AI score 0.3
Exploits: 0
myhack58
added 2015/03/17 12:0 a.m., 32 views

Android HTTPS MiTM hijacking vulnerability analysis-vulnerability warning-the black bar safety net

1. Android HTTPS MiTM hijacking vulnerability description: In cryptography and computer security, a man-in-the-middle attack, often abbreviated as MITM, refers to an attacker who establishes separate connections with both ends of a communication, an...

AI score 0.3
Exploits: 0
myhack58
added 2014/10/09 12:0 a.m., 18 views

Wiretapping storm: the Android platform https sniffing hijacking vulnerability-vulnerability warning-the black bar safety net

0x0 Preface: Last year 1 0 mid-May, the Tencent Security Center found during its routine terminal security audits that the vast majority of apps using HTTPS communication on the Android platform do not use the Google API safely, directly resulting in HTTPS communication of sensitive information leakage ev...

AI score 7.9
Exploits: 0
NVD
added 2012/11/04 10:55 p.m., 8 views

CVE-2012-5810

The Chase mobile banking application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, relat...

CVSS 5.9, AI score 5.6, EPSS 0.00111
Exploits: 1, References: 2
Prion
added 2012/11/04 10:55 p.m., 14 views

Design/Logic Flaw

Amazon Elastic Load Balancing API Tools does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to...

CVSS 5.8, AI score 7, EPSS 0.00134
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2005/08/17 4:0 a.m., 23 views

CVE-2003-1229

X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in...

AI score 6.7, EPSS 0.01293
Exploits: 0, References: 11
CVE
added 2005/08/17 4:0 a.m., 64 views

CVE-2003-1229

The issue concerns X509TrustManager in Java Secure Socket Extension (JSSE) across multiple Java platforms (SDK/JRE 1.4.0–1.4.0_01, JSSE before 1.0.3, Java Plug‑in SDK/JRE 1.3.0–1.4.1, and Java Web Start 1.0–1.2). The X509TrustManager incorrectly calls isClientTrusted when determining server trust...

CVSS 7.5, AI score 7.1, EPSS 0.01293
Exploits: 0, References: 11, Affected Software: 3
securityvulns
added 2003/01/28 12:0 a.m., 90 views

Incorrect Certificate Validation in Java Secure Socket Extension

According to SUN it has been reported that: "the Java Secure Socket Extension (JSSE) may incorrectly validate the digital certificate of a web site. This may result in untrustworthy web sites being authenticated for SSL transactions. The Java Plug-in and Java Web Start may incorrectly validate the...

AI score 0.9
Exploits: 0