BID:69877

Fun Preschool Creativity Game Android SSL Certificate Validation Security Bypass Vulnerability

Info

Fun Preschool Creativity Game Android SSL Certificate Validation Security Bypass Vulnerability

Bugtraq ID:	69877
Class:	Design Error
CVE:	CVE-2014-5554
Remote:	Yes
Local:	No
Published:	Sep 03 2014 12:00AM
Updated:	Sep 03 2014 12:00AM
Credit:	Will Dormann of the CERT/CC
Vulnerable:	Ilearnwith Fun Preschool Creativity Game 1.6.2 ~~~Android~~

Not Vulnerable:

Discussion

Fun Preschool Creativity Game Android SSL Certificate Validation Security Bypass Vulnerability

Fun Preschool Creativity Game for Android is prone to a security-bypass vulnerability because the application fails to properly validate SSL certificates.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.

Exploit / POC

Fun Preschool Creativity Game Android SSL Certificate Validation Security Bypass Vulnerability

An attacker can use readily available network utilities to exploit this issue.

Solution / Fix

Fun Preschool Creativity Game Android SSL Certificate Validation Security Bypass Vulnerability

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

References

Fun Preschool Creativity Game Android SSL Certificate Validation Security Bypass Vulnerability

References:

Fun Preschool Creativity Game HomePage (Google)
VU#582497 Multiple Android applications fail to properly validate SSL certificat (KB CERT)