Refine your search
1 vulnerability found for by T-JOY CO.,LTD.
CVE-2018-0591 (GCVE-0-2018-0591)
Vulnerability from cvelistv5
Published
2018-05-14 13:00
Modified
2024-08-05 03:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Fails to verify SSL certificates
Summary
The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| T-JOY CO.,LTD. | KINEPASS App |
Version: for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.166Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=jp.tjoy.kinepass\u0026hl=en"
},
{
"name": "JVN#83671755",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN83671755/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://itunes.apple.com/us/app/kinepasu-apuridekantan-bian/id637453055?mt=8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "KINEPASS App",
"vendor": "T-JOY CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier"
}
]
}
],
"datePublic": "2018-05-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to verify SSL certificates",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-14T12:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://play.google.com/store/apps/details?id=jp.tjoy.kinepass\u0026hl=en"
},
{
"name": "JVN#83671755",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN83671755/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://itunes.apple.com/us/app/kinepasu-apuridekantan-bian/id637453055?mt=8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "KINEPASS App",
"version": {
"version_data": [
{
"version_value": "for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier"
}
]
}
}
]
},
"vendor_name": "T-JOY CO.,LTD."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to verify SSL certificates"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://play.google.com/store/apps/details?id=jp.tjoy.kinepass\u0026hl=en",
"refsource": "MISC",
"url": "https://play.google.com/store/apps/details?id=jp.tjoy.kinepass\u0026hl=en"
},
{
"name": "JVN#83671755",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN83671755/"
},
{
"name": "https://itunes.apple.com/us/app/kinepasu-apuridekantan-bian/id637453055?mt=8",
"refsource": "MISC",
"url": "https://itunes.apple.com/us/app/kinepasu-apuridekantan-bian/id637453055?mt=8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0591",
"datePublished": "2018-05-14T13:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:28:11.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}