MITM Vulnerability in LINE@ for Android and iOS by LINE Corporation
CVE-2015-2968

5.9MEDIUM

Key Information:

Vendor: Line Corporation
Status: Line@ For Android; Line@ For iOS
Vendor: CVE Published:; 31 October 2023

🔔 Create Line Corporation Vulnerability Alert

What is CVE-2015-2968?

LINE@ for Android and iOS versions 1.0.0 are susceptible to a serious vulnerability that permits man-in-the-middle (MITM) attacks. This issue arises because the application does not enforce SSL/TLS for its communications, which can allow an attacker to intercept and manipulate traffic between the client and the server. Consequently, any API can be compromised through scripts injected by malicious actors. Users of these apps should prioritize the immediate update of their applications to secure their data against potential intrusions.

Affected Version(s)

LINE@ for Android version 1.0.0

LINE@ for iOS version 1.0.0

References

http://official-blog.line.me/ja/archives/36495925.html

https://jvn.jp/en/jp/JVN22546110/

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 31, 2023
Vulnerability Reserved
Apr 7, 2015