Man-in-the-Middle Vulnerability in Snake Evolution App for Android
CVE-2014-5590

Currently unrated

Key Information:

Vendor: Snake Evolution Project
Status: Snake Evolution
Vendor: CVE Published:; 9 September 2014

🔔 Create Snake Evolution Project Vulnerability Alert

What is CVE-2014-5590?

The Snake Evolution application for Android version 1.3.1 contains a vulnerability that fails to properly verify X.509 certificates from SSL servers. This oversight permits man-in-the-middle attackers to spoof SSL connections, potentially allowing them to intercept sensitive information transmitted between the user and the server when a crafted certificate is presented. Users of this application are at risk of unauthorized data access and must be cautious when handling sensitive information.

References

http://www.kb.cert.org/vuls/id/370681

third-party-advisoryx_refsource_CERT-VN

http://www.kb.cert.org/vuls/id/582497

third-party-advisoryx_refsource_CERT-VN

https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJ...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2014
Vulnerability Reserved
Aug 30, 2014

CVE-2014-5590 Data

JSON