BID:69952

Minha Oi Android CVE-2014-5916 SSL Certificate Validation Security Bypass Vulnerability

Info

Minha Oi Android CVE-2014-5916 SSL Certificate Validation Security Bypass Vulnerability

Bugtraq ID:	69952
Class:	Design Error
CVE:	CVE-2014-5916
Remote:	Yes
Local:	No
Published:	Sep 03 2014 12:00AM
Updated:	Sep 03 2014 12:00AM
Credit:	Will Dormann of the CERT/CC
Vulnerable:	Oi Aplicativos Minha Oi for Android 1.15.0

Not Vulnerable:

Discussion

Minha Oi Android CVE-2014-5916 SSL Certificate Validation Security Bypass Vulnerability

Minha Oi for Android is prone to a security-bypass vulnerability because the application fails to properly validate SSL certificates.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.

References

Minha Oi Android CVE-2014-5916 SSL Certificate Validation Security Bypass Vulnerability

References:

Minha Oi Homepage (Google)
VU#582497 Multiple Android applications fail to properly validate SSL certificat (KB CERT)