CVE-2017-9592
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The "Your Legacy Federal Credit Union Mobile Banking" by Your Legacy Federal Credit Union app 3.0.1 -- aka your-legacy-federal-credit-union-mobile-banking/id919131389 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
La aplicación "Your Legacy Federal Credit Union Mobile Banking" de Your Legacy Federal Credit Union versión 3.0.1 -- también se conoce como your-legacy-federal-credit-union-mobile-banking/id919131389 para iOS, no comprueba los certificados X.509 de los servidores SSL, lo que permite a los atacantes de tipo man-in-the-middle falsificar los servidores y obtener información confidencial por medio de un certificado especialmente diseñado.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-06-12 CVE Reserved
- 2017-06-16 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-295: Improper Certificate Validation
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://medium.com/%40chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5 | X_refsource_misc |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Meafinancial Search vendor "Meafinancial" | Your Legacy Federal Credit Union Mobile Banking Search vendor "Meafinancial" for product "Your Legacy Federal Credit Union Mobile Banking" | 3.0.1 Search vendor "Meafinancial" for product "Your Legacy Federal Credit Union Mobile Banking" and version "3.0.1" | iphone_os |
Affected
|