TLS Certificate Validation Flaw in Atlassian HipChat for iOS
CVE-2017-8058
5.9 MEDIUM
Summary
An improper validation flaw in the TLS certificate handling of Atlassian HipChat for iOS permits the acceptance of invalid or self-signed TLS certificates. This vulnerability exposes users to potential man-in-the-middle attacks, allowing adversaries to intercept and access sensitive information transmitted during the login API calls. This flaw underscores the critical importance of strict certificate validation to safeguard data in transit.
References
CVSS V3.1
Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved