Outlook.com for Android SSL Certificate Validation Security Bypass Vulnerability
BID:68988
Info
| Bugtraq ID: | 68988 |
| Class: | Design Error |
| CVE: | CVE-2014-5239 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 30 2014 12:00AM |
| Updated: | Aug 19 2014 12:52AM |
| Credit: | Koki Takahashi |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Outlook.com for Android is prone to a security-bypass vulnerability because it fails to properly validate SSL certificates.
Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.
Versions prior to Outlook.com 7.8.2.12.49.7090 are vulnerable.
Exploit / POC
An attacker can use readily available network utilities to exploit this issue.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References