SSL Certificate Verification Flaw in Cybozu KUNAI for iPhone and Android
CVE-2016-1187

6.8MEDIUM

Key Information:

Vendor

Cybozu
Status
Kunai
Vendor
CVE Published:
21 April 2017

What is CVE-2016-1187?

The Cybozu KUNAI mobile applications for iPhone and Android have a flaw that prevents proper verification of SSL certificates. This vulnerability could allow attackers to execute man-in-the-middle attacks, intercepting sensitive data sent between users and the service. Users of affected versions are advised to update to the latest versions to ensure secure communications.

References

https://support.cybozu.com/ja-jp/article/9446
x_refsource_CONFIRM
http://jvn.jp/en/jp/JVN11994518/index.html
third-party-advisoryx_refsource_JVN
https://support.cybozu.com/ja-jp/article/9495
x_refsource_CONFIRM

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.