History: Mar 13, 2024 - 5:40 a.m.

CVE-2024-27440

2024-03-13 05:40:22
jpcert
github.com
4
toyoko inn
app
ios
android
server certificates
man-in-the-middle
data theft

AI Score

4.5

Confidence

High

SSVC

Exploitation

none

Automatable

no

Technical Impact

total

The Toyoko Inn official App for iOS versions prior to 1.13.0 and the Toyoko Inn official App for Android versions prior to 1.3.14 don’t properly verify server certificates, which allows a man-in-the-middle attacker to spoof servers and obtain sensitive information via a crafted certificate.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:toyoko_inn:toyoko_inn:*:*:*:*:*:*:*:*"
    ],
    "vendor": "toyoko_inn",
    "product": "toyoko_inn",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1.13.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]
