CVE

CVE-2010-4211
Date: (C)2010-11-08   (M)2023-12-22


The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 2.9
Exploit Score: 5.5
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: ADJACENT_NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
BID-44657
ADV-2010-2887
http://itunes.apple.com/us/app/paypal/id283646709
http://news.cnet.com/8301-27080_3-20021730-245.html
http://online.wsj.com/article/SB10001424052748703506904575592782874885808.html
http://viaforensics.com/press-releases/viaforensics-uncovers-paypal-application-vulnerability.html
http://viaforensics.com/security/viaforensics-uncovers-significant-vulnerability-paypal-iphone.html
paypal-certificate-info-disclosure(63002)

CPE    3
cpe:/o:apple:iphone_os:3.1.3
cpe:/o:apple:iphone_os:3.1.2
cpe:/o:apple:iphone_os:3.1
CWE    1
CWE-287

© SecPod Technologies