Unverified SSL Certificates in Verizon Instant Refills Application for Android
CVE-2014-5754

Currently unrated

Key Information:

Vendor: Verizon Instant Refills 24\/7 Project
Status: Verizon Instant Refills 24\/7
Vendor: CVE Published:; 9 September 2014

🔔 Create Verizon Instant Refills 24\/7 Project Vulnerability Alert

What is CVE-2014-5754?

The Verizon Instant Refills 24/7 application for Android fails to adequately verify X.509 certificates from SSL servers. This oversight enables man-in-the-middle attackers to impersonate legitimate servers, potentially allowing for the interception and acquisition of sensitive user information through the use of fraudulent certificates. Users of this application may be at risk if they connect to compromised or malicious networks.

References

http://www.kb.cert.org/vuls/id/136689

third-party-advisoryx_refsource_CERT-VN

http://www.kb.cert.org/vuls/id/582497

third-party-advisoryx_refsource_CERT-VN

https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJ...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2014
Vulnerability Reserved
Aug 30, 2014

CVE-2014-5754 Data

JSON