3 matches found
Design/Logic Flaw
The Yuko Yuko aka jp.co.yukoyuko.android.yukoyukoandroid application 1.0.5 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-5323
CVE-2014-5323 affects the Yuko Yuko App for Android (jp.co.yukoyuko.android.yukoyuko_android), version 1.0.5 and earlier. The root cause is that the app does not verify X.509 certificates when establishing SSL connections, enabling potential MITM attackers to spoof servers and access sensitive in...
JVN#04560253: Yuko Yuko App for Android fails to verify SSL server certificates
Yuko Yuko App for Android provided by Yuko Yuko Corporation fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. As a result, an attacker may obtain information entered into web forms. Solution Update the...