CVE-2020-5523

The Android app ‘MyPallete’ and some of the Android banking applications based on ‘MyPallete’ do not verify X.509 certificates from servers and do not properly validate certificates with a hostname mismatch, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Date published: 2020-01-28

http://jvn.jp/en/jp/JVN28845872/index.html

http://www.dokodemobank.ne.jp/info_20200128_bankingapp.html