X.509 Certificate Verification Flaw in LINE MUSIC for Android
CVE-2018-0650

7.4HIGH

Key Information:

Vendor

Line Music Corporation

Status
Line Music For Android
Vendor
CVE Published:
7 September 2018

What is CVE-2018-0650?

The LINE MUSIC app for Android, specifically in versions 3.1.0 through 3.6.4, is impacted by a vulnerability that fails to properly verify X.509 certificates from SSL servers. This oversight allows attackers to execute man-in-the-middle attacks by spoofing server communications, potentially leading to the exposure of sensitive information. Users of affected versions are advised to update to version 3.6.5 or later to mitigate this security risk.

Affected Version(s)

LINE MUSIC for Android version 3.1.0 to versions prior to 3.6.5

References

http://jvn.jp/en/jp/JVN16933564/index.html
third-party-advisoryx_refsource_JVN
https://play.google.com/store/apps/details?id=jp.linecorp...
x_refsource_MISC
https://linecorp.com/en/security/article/182
x_refsource_CONFIRM

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.