Unrated severityNVD Advisory· Published Jul 13, 2021· Updated Aug 3, 2024

Certificate pinning is not enforced on the web socket connection

CVE-2021-32755

Description

Wire is a collaboration platform. wire-ios-transport handles authentication of requests, network failures, and retries for the iOS implementation of Wire. In the 3.82 version of the iOS application, a new web socket implementation was introduced for users running iOS 13 or higher. This new websocket implementation is not configured to enforce certificate pinning when available. Certificate pinning for the new websocket is enforced in version 3.84 or above.

Affected products

Wordapp/wire-ios-transportllm-fuzzy2 versions
>=3.82, <3.84+ 1 more
- (no CPE)range: >=3.82, <3.84
- (no CPE)range: = 3.8.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/wireapp/wire-ios-transport/security/advisories/GHSA-v8mx-h3vj-w39vmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000