SecurityTracker.com
Category:   Application (Security)  >   Kaspersky Internet Security
Vendors:   Kaspersky Lab
Kaspersky Internet Security Android App Certificate Validation Flaw Lets Remote Users Spoof Servers
SecurityTracker Alert ID:  1030815
SecurityTracker URL:  http://securitytracker.com/id/1030815
CVE Reference:   CVE-2014-5654
Date:  Sep 9 2014
Impact:   Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information

Version(s): 11.4.4.232; possibly other versions
Description:   A vulnerability was reported in Kaspersky Internet Security app for Android. A remote user can spoof servers.

The application (com.kms.free) does not verify X.509 certificates from SSL servers. A remote user with the ability to conduct a man-in-the-middle attack can supply a specially crafted certificate to spoof an SSL server and obtain or modify sensitive information.

The vendor was notified on August 27, 2014.

The original report is available at:

https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/

The original advisories will be available at:

http://www.kb.cert.org/vuls/id/218177
http://www.kb.cert.org/vuls/id/582497

Will Dormann of the CERT/CC reported this vulnerability.
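
For auditing an app's Java source or decompiler output for this class of flaw, the following heuristic check is an added example, not part of the original advisory or of any vendor or CERT/CC tooling. The advisory does not say how com.kms.free skipped validation, so the three constructs it flags are assumptions drawn from well-known ways Java/Android code disables certificate or hostname checks; the function name, labels and sample snippets are constructed for illustration.

```python
import re

# Heuristic static check over Java source (e.g. decompiler output). Assumption: the
# advisory gives no code; these are well-known ways Java/Android code disables checks.
_COMMENTS = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)  # naive: also trims "//" inside strings
_METHOD = re.compile(r"\b(checkServerTrusted|verify)\s*\(([^)]*)\)[^{;]*\{")
_ALLOW_ALL = re.compile(r"\b(ALLOW_ALL_HOSTNAME_VERIFIER|AllowAllHostnameVerifier)\b")

def _body(src, open_idx):
    """Text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(src)):
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        if depth == 0:
            return src[open_idx + 1:i]
    return src[open_idx + 1:]

def find_disabled_validation(java_source):
    """Return labels for constructs that accept any certificate or hostname."""
    src = _COMMENTS.sub("", java_source)
    findings = []
    for m in _METHOD.finditer(src):
        name, params = m.groups()
        body = _body(src, m.end() - 1).strip()
        # A TrustManager whose server check does nothing never rejects a chain.
        if name == "checkServerTrusted" and body in ("", "return;"):
            findings.append("empty-checkServerTrusted")
        # A HostnameVerifier that always returns true accepts a cert for any host.
        elif name == "verify" and "SSLSession" in params and re.fullmatch(r"return\s+true\s*;", body):
            findings.append("always-true-HostnameVerifier")
    if _ALLOW_ALL.search(src):  # Apache HttpClient's allow-all verifier
        findings.append("allow-all-hostname-verifier")
    return findings

# Constructed samples, not code from the affected app.
ACCEPTS_ANYTHING = """
new X509TrustManager() {
    public void checkServerTrusted(X509Certificate[] chain, String authType) {
        // accept everything
    }
};
new HostnameVerifier() {
    public boolean verify(String hostname, SSLSession session) { return true; }
};
"""
DELEGATES_TO_PLATFORM = """
public void checkServerTrusted(X509Certificate[] c, String t) throws CertificateException {
    platformDefault.checkServerTrusted(c, t);  /* real path validation */
}
"""
print(find_disabled_validation(ACCEPTS_ANYTHING), find_disabled_validation(DELEGATES_TO_PLATFORM))
```

A clean result does not prove validation is correct; a finding marks a spot to confirm by reviewing the code path or by testing the app against a server certificate it should reject.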

Impact:   A remote user can spoof SSL servers to obtain or modify potentially sensitive information.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.kaspersky.com/
Cause:   Authentication error
Underlying OS:  Android

Message History:   None.

