CWE-295
Improper Certificate Validation
Base · Draft
Description
The product does not validate, or incorrectly validates, a certificate.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-459 · CAPEC-475
CVEs mapped to this weakness (377)
Page 12 of 19

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-9567 | Med | 0.38 | 5.9 | 0.00 | Jun 16, 2017 | The avb-bank-mobile-banking/id592565443 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| CVE-2017-9566 | Med | 0.38 | 5.9 | 0.00 | Jun 16, 2017 | The fsb-dequeen-mobile-banking/id1091025340 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| CVE-2017-9565 | Med | 0.38 | 5.9 | 0.00 | Jun 16, 2017 | The first-security-bank-sleepy-eye-mobile/id870531890 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| CVE-2017-9564 | Med | 0.38 | 5.9 | 0.00 | Jun 16, 2017 | The community-banks-cb2go/id445828071 app 3.1.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| CVE-2017-9563 | Med | 0.38 | 5.9 | 0.00 | Jun 16, 2017 | The First Citizens Community Bank fccb/id809930960 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| CVE-2017-9562 | Med | 0.38 | 5.9 | 0.00 | Jun 16, 2017 | The Freedom First freedom-1st-credit-union-mobile-banking/id1085229458 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| CVE-2017-9561 | Med | 0.38 | 5.9 | 0.00 | Jun 16, 2017 | The Lee Bank & Trust lbtc-mobile/id1068984753 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| CVE-2017-9560 | Med | 0.38 | 5.9 | 0.00 | Jun 16, 2017 | The cayuga-lake-national-bank/id1151601539 app 4.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| CVE-2017-9559 | Med | 0.38 | 5.9 | 0.00 | Jun 16, 2017 | The MEA Financial vision-bank/id420406345 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| CVE-2017-9558 | Med | 0.38 | 5.9 | 0.00 | Jun 16, 2017 | The wawa-employees-credit-union-mobile/id1158082793 app 4.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| CVE-2016-7816 | Med | 0.38 | 5.9 | 0.00 | Jun 9, 2017 | The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| CVE-2016-7805 | Med | 0.38 | 5.9 | 0.00 | Jun 9, 2017 | The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate App for iOS version 2.2.4.1 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| CVE-2017-6988 | Med | 0.38 | 5.9 | 0.00 | May 22, 2017 | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "802.1X" component. It allows remote attackers to discover the network credentials of arbitrary users by operating a crafted network that requires 802.1X authentication, because EAP-TLS certificate validation mishandles certificate changes. |
| CVE-2017-8943 | Med | 0.38 | 5.9 | 0.00 | May 15, 2017 | The PUMA PUMATRAC app 3.0.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| CVE-2017-8942 | Med | 0.38 | 5.9 | 0.00 | May 15, 2017 | The YottaMark ShopWell - Healthy Diet & Grocery Food Scanner app 5.3.7 through 5.4.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| CVE-2017-8941 | Med | 0.38 | 5.9 | 0.00 | May 15, 2017 | The Interval International app 3.3 through 3.5.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| CVE-2017-8940 | Med | 0.38 | 5.9 | 0.00 | May 15, 2017 | The Zipongo - Healthy Recipes and Grocery Deals app before 6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| CVE-2017-8939 | Med | 0.38 | 5.9 | 0.00 | May 15, 2017 | The Warner Bros. ellentube app 3.1.1 through 3.1.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| CVE-2017-8938 | Med | 0.38 | 5.9 | 0.00 | May 15, 2017 | The Radio Javan app 9.3.4 through 9.6.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| CVE-2017-8937 | Med | 0.38 | 5.9 | 0.00 | May 15, 2017 | The Life Before Us Yo app 2.5.8 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |