VYPR
Unrated severityNVD Advisory· Published Jun 2, 2015· Updated Jun 17, 2026

CVE-2015-4094

CVE-2015-4094

Description

The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Affected products

2
  • cpe:2.3:a:thycotic:secret_server:*:*:*:*:*:iphone_os:*:*+ 1 more
    • cpe:2.3:a:thycotic:secret_server:*:*:*:*:*:iphone_os:*:*range: <=2.3
    • (no CPE)range: <=2.3

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.