Web Browser & Explorer for Android SSL Certificate Validation Security Bypass Vulnerability

Bugtraq ID:	69899
Class:	Design Error
CVE:	CVE-2014-5616
Remote:	Yes
Local:	No
Published:	Sep 03 2014 12:00AM
Updated:	Sep 03 2014 12:00AM
Credit:	Will Dormann of the CERT/CC
Vulnerable:	Litter Penguin Web Browser & Explorer 2.0.7 ~~~Android~~
Not Vulnerable:

Web Browser & Explorer for Android SSL Certificate Validation Security Bypass Vulnerability

Web Browser & Explorer for Android is prone to a security-bypass vulnerability because the application fails to properly validate SSL certificates.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.

Web Browser & Explorer 2.0.7 is vulnerable; other versions may also be affected.

Web Browser & Explorer for Android SSL Certificate Validation Security Bypass Vulnerability

An attacker can use readily available network utilities to exploit this issue.

Web Browser & Explorer for Android SSL Certificate Validation Security Bypass Vulnerability

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

Web Browser & Explorer for Android SSL Certificate Validation Security Bypass Vulnerability

References:

• Web Browser & Explorer Homepage (Google)
  
• VU#582497 Multiple Android applications fail to properly validate SSL certificat (KB CERT)