漏洞标题
HCL Verse for Android存在SSL证书主机验证漏洞。
漏洞描述信息
HCL Verse for Android 受 SSL 证书主机验证漏洞影响
CVSS信息
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
漏洞类别
N/A
漏洞标题
An SSL certificate host verification vulnerability affects HCL Verse for Android
漏洞描述信息
Using the ability to perform a Man-in-the-Middle (MITM) attack, which indicates a lack of hostname verification, sensitive account information was able to be intercepted. In this specific scenario, the application's network traffic was intercepted using a proxy server set up in 'transparent' mode while a certificate with an invalid hostname was active. The Android application was found to have hostname verification issues during the server setup and login flows; however, the application did not process requests post-login.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
漏洞类别
通道可被非端点访问(中间人攻击)
漏洞标题
HCL Technologies HCL Verse 信任管理问题漏洞
漏洞描述信息
HCL Technologies HCL Verse是印度HCL Technologies公司的一个可访问邮件并进行生活计划管理的移动端应用。 HCL Technologies HCL Verse for Android 12.0.9之前版本存在安全漏洞,该漏洞源于应用在服务器设置和登录流程期间存在主机名和SSL证书验证问题。攻击者通过使用中间人 (MITM) 攻击来利用该漏洞欺骗受信任的实体。
CVSS信息
N/A
漏洞类别
信任管理问题