The LaLa Call App for Android 2.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
References
Link | Resource |
---|---|
http://jvn.jp/en/jp/JVN01014759/index.html | Patch Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/96004 | Third Party Advisory VDB Entry |
Configurations
Information
Published : 2017-04-28 09:59
Updated : 2017-05-10 10:41
NVD link : CVE-2017-2103
Mitre link : CVE-2017-2103
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
k-opticom_corporation
- lala_call