SSL Certificate Verification Failure in Kaspersky Internet Security for Android
CVE-2014-5654
Currently unrated
Summary
The Kaspersky Internet Security application for Android does not properly verify the X.509 certificates presented by SSL servers. This gives a man-in-the-middle attacker an opportunity to present a fraudulent SSL certificate, potentially allowing them to intercept and manipulate sensitive communications. Users of this application must remain vigilant, as successful exploitation could lead to the unauthorized disclosure of personal data.
Timeline
Vulnerability published
Vulnerability Reserved