VYPR
← All advisories
Medium severity5.9NVD Advisory· Published Sep 18, 2017· Updated May 13, 2026

CVE-2016-10511

CVE-2016-10511

Description

The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the ability to view an application-only OAuth client token and potentially enable unreleased Twitter iOS app features.

Affected products

3
  • Twitter/Twitter2 versions
    cpe:2.3:a:twitter:twitter:6.62.1:*:*:*:*:iphone_os:*:*+ 1 more
    • cpe:2.3:a:twitter:twitter:6.62.1:*:*:*:*:iphone_os:*:*
    • cpe:2.3:a:twitter:twitter:6.62:*:*:*:*:iphone_os:*:*
  • Twitter/Twitter iOS clientllm-create
    Range: 6.62, 6.62.1

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.