


Category:   Application (Security)  >   Kaspersky Internet Security
Vendors:   Kaspersky Lab
Kaspersky Internet Security Android App Certificate Validation Flaw Lets Remote Users Spoof Servers
SecurityTracker Alert ID:  1030815
SecurityTracker URL:
CVE Reference:   CVE-2014-5654
Date:  Sep 9 2014
Impact:   Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information

Version(s):; possibly other versions
Description:   A vulnerability was reported in the Kaspersky Internet Security app for Android. A remote user can spoof servers.

The application ( does not verify X.509 certificates from SSL servers. A remote user with the ability to conduct a man-in-the-middle attack can supply a specially crafted certificate to spoof an SSL server and obtain or modify sensitive information.

The vendor was notified on August 27, 2014.

The original report is available at:

The original advisories will be available at:

Will Dormann of the CERT/CC reported this vulnerability.

Impact:   A remote user can spoof SSL servers to obtain or modify potentially sensitive information.
Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Authentication error
Underlying OS:  Android

Message History:   None.
