IQ Test For Android CVE-2014-5678 SSL Certificate Validation Security Bypass Vulnerability
BID:69967
Info
| Bugtraq ID: | 69967 |
| Class: | Design Error |
| CVE: | CVE-2014-5678 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 08 2014 12:00AM |
| Updated: | Sep 08 2014 12:00AM |
| Credit: | Will Dormann of the CERT/CC |
| Vulnerable: | Pop-Hub Iq Test 3.3 Android |
| Not Vulnerable: | |
Discussion
IQ Test is an application for Android devices.
The application is prone to a security-bypass vulnerability because it fails to properly validate SSL certificates. An attacker can exploit this issue to spoof servers and obtain sensitive information through a crafted certificate.
Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.
IQ Test 3.3 is vulnerable; other versions may also be affected.
Exploit / POC
An attacker can use readily available network utilities to exploit this issue.
Solution / Fix
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].