The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2010-11-08T23:00:00
Updated: 2017-08-16T14:57:01
Reserved: 2010-11-08T00:00:00
Link: CVE-2010-4211
JSON object: View
NVD Information
Status : Modified
Published: 2010-11-09T01:00:02.697
Modified: 2017-08-17T01:33:08.307
Link: CVE-2010-4211
JSON object: View
Redhat Information
No data.
CWE