CVE-2016-6562 – ShoreTel Mobility Client for iOS and Android, version 9.1.3.109 and earlier, fails to properly validate SSL certificates provided by HTTPS connections

https://notcve.org/view.php?id=CVE-2016-6562

On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such as login credentials. En dispositivos iOS y Android, la aplicación ShoreTel Mobility Client 9.1.3.109 no valida correctamente los certificados SSL proporcionados por las conexiones HTTPS; esto significa que un atacante en posición de realizar ataques Man-in-the-Middle (MitM) podría ser capaz de obtener información sensible de la cuenta, como credenciales de inicio de sesión. • https://www.info-sec.ca/advisories/ShoreTel-Mobility.html https://www.kb.cert.org/vuls/id/475907 https://www.securityfocus.com/bid/95224 • CWE-295: Improper Certificate Validation •