CVE-2014-6815

Published Sep 30, 2014

Last updated 10 years ago

Overview

Description
The Vouch! (aka com.voucherry.voucherry) application 2.1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Source
cret@cert.org
NVD status
Analyzed

Risk scores

CVSS 2.0

Type
Primary
Base score
5.4
Impact score
6.4
Exploitability score
5.5
Vector string
AV:A/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov
CWE-310

Social media

Hype score
Not currently trending

Configurations