CVE-2016-7805 | THREATINT

Description

The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate App for iOS version 2.2.4.1 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

PUBLISHED Reserved 2016-09-09 | Published 2017-06-09 | Updated 2024-08-06 | Assigner jpcert

Problem types

Fails to verify SSL certificates

Product status

version 2.2.1.2 and earlier

affected

version 2.2.4.1 and earlier

affected

References

www.securityfocus.com/bid/94085 (94085) vdb-entry

jvn.jp/en/jp/JVN27260483/index.html (JVN#27260483) third-party-advisory

www.securityfocus.com/bid/94085 (94085) vdb-entry

jvn.jp/en/jp/JVN27260483/index.html (JVN#27260483) third-party-advisory

cve.org (CVE-2016-7805)

nvd.nist.gov (CVE-2016-7805)

Download JSON