Inadequate SSL Certificate Validation in Facebook Profits on Steroids Application for Android
CVE-2014-7376

Currently unrated

What is CVE-2014-7376?

The Facebook Profits on Steroids application version 0.1 for Android is susceptible to man-in-the-middle attacks because it does not verify the authenticity of X.509 certificates presented by SSL servers. This weakness may allow malicious actors to impersonate legitimate servers with crafted certificates, potentially leading to unauthorized access to sensitive user information. As users interact with the application, the lack of proper certificate validation can expose their data to interception and misuse.

Timeline

  • Vulnerability published

  • Vulnerability reserved
