Insufficient Certificate Validation in Avira Secure Backup for Android
CVE-2014-5576

Currently unrated

Key Information:

Vendor: Avira
Status: Avira Secure Backup
Vendor: CVE Published:; 9 September 2014

What is CVE-2014-5576?

The Avira Secure Backup application version 1.2.3 for Android contains a vulnerability that fails to verify X.509 certificates from SSL servers properly. This oversight leaves the application susceptible to man-in-the-middle attacks, allowing attackers to impersonate legitimate servers and potentially intercept sensitive user information through cleverly crafted certificates. Users of this application should be aware of the risks associated with unverified SSL connections and consider upgrading to secure versions promptly.

References

http://www.kb.cert.org/vuls/id/179457

third-party-advisoryx_refsource_CERT-VN

http://www.kb.cert.org/vuls/id/582497

third-party-advisoryx_refsource_CERT-VN

https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJ...

x_refsource_MISC

Timeline

Vulnerability published
Sep 9, 2014
Vulnerability Reserved
Aug 30, 2014