Man-in-the-Middle Vulnerability in Yahoo! Japan Yafuoku! Application for iOS and Android
CVE-2013-4699

Currently unrated

Key Information:

Vendor: Yahoo
Status: Yafuoku\!
Vendor: CVE Published:; 21 August 2013

What is CVE-2013-4699?

The Yafuoku! application by Yahoo! Japan, versions 4.3.0 and earlier, is susceptible to a vulnerability that fails to properly validate X.509 certificates from SSL servers. This oversight allows potential attackers to engage in man-in-the-middle attacks, enabling them to impersonate servers and intercept sensitive user information through crafted certificates. Users of the app are left vulnerable to data leakage and other security threats due to the lack of adequate SSL certificate verification.

References

http://jvndb.jvn.jp/jvndb/JVNDB-2013-000078

third-party-advisoryx_refsource_JVNDB

http://jvn.jp/en/jp/JVN68156832/index.html

third-party-advisoryx_refsource_JVN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 21, 2013

CVE-2013-4699 Data

JSON