Exsoul Web Browser for Android SSL Certificate Validation Security Bypass Vulnerability
BID:69900
Info
Exsoul Web Browser for Android SSL Certificate Validation Security Bypass Vulnerability
| Bugtraq ID: | 69900 |
| Class: | Design Error |
| CVE: |
CVE-2014-5617 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 03 2014 12:00AM |
| Updated: | Sep 03 2014 12:00AM |
| Credit: | Will Dormann of the CERT/CC |
| Vulnerable: |
Exsoul-Browser Exsoul Web Browser 3.3.3 ~~~Android~~ |
| Not Vulnerable: | |
Discussion
Exsoul Web Browser for Android SSL Certificate Validation Security Bypass Vulnerability
Exsoul Web Browser for Android is prone to a security-bypass vulnerability because the application fails to properly validate SSL certificates.
Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.
Exsoul Web Browser 3.3.3 is vulnerable; other versions may be affected.
Exsoul Web Browser for Android is prone to a security-bypass vulnerability because the application fails to properly validate SSL certificates.
Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.
Exsoul Web Browser 3.3.3 is vulnerable; other versions may be affected.
Exploit / POC
Exsoul Web Browser for Android SSL Certificate Validation Security Bypass Vulnerability
An attacker can use readily available network utilities to exploit this issue.
An attacker can use readily available network utilities to exploit this issue.
References
Exsoul Web Browser for Android SSL Certificate Validation Security Bypass Vulnerability
References:
References: