Man-in-the-Middle Vulnerability in Baidu Navigation for Android
CVE-2014-7444

Currently unrated

Key Information:

Vendor: Baidu
Status: Baidu Navigation
Vendor: CVE Published:; 19 October 2014

What is CVE-2014-7444?

The Baidu Navigation application version 3.5.0 for Android lacks proper verification of X.509 certificates from SSL servers. This vulnerability enables man-in-the-middle attackers to impersonate legitimate servers, potentially allowing them to intercept and manipulate sensitive user information through the use of specially crafted certificates. Users of this application are at risk of unauthorized data access, making secure communication essential for protecting personal information.

References

http://www.kb.cert.org/vuls/id/394177

third-party-advisoryx_refsource_CERT-VN

http://www.kb.cert.org/vuls/id/582497

third-party-advisoryx_refsource_CERT-VN

https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJ...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 19, 2014
Vulnerability Reserved
Oct 3, 2014