3 matches found
CVE-2017-0911
CVE-2017-0911 affects Twitter Kit for iOS 3.0–3.2.1. The issue is a callback verification flaw in the Login with Twitter flow: the final response is sent back via the registered custom URL scheme without authenticating the response, enabling forgery and potential association of a Twitter account ...
CVE-2019-16263
The CVE-2019-16263 issue affects the Twitter Kit framework for iOS up to version 3.4.2. The root cause is improper validation of the api.twitter.com SSL certificate, including a lack of hostname verification despite a pinned-certificate approach. This can enable man-in-the-middle attacks on apps ...
CVE-2019-5431
Twitter Kit for iOS versions 3.0–3.4.0 is affected by a callback verification flaw in the Login with Twitter component. The root cause is an incomplete validation of the authentication response sent via the registered custom URL scheme, allowing an attacker to forge the final step of the login fl...