cordova-plugin-file-transfer has insecure default. The default value for trustAllHosts
is true for iOS applications. By using this flaw, attackers can easily spoof SSL servers and have them be trusted by the application.
CPE | Name | Operator | Version |
---|---|---|---|
cordova-plugin-file-transfer | le | 0.4.1 |