The Threadflip : Buy, Sell Fashion (aka com.threadflip.android) application 1.1.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
References
Link Resource
http://www.kb.cert.org/vuls/id/582497 Third Party Advisory US Government Resource
http://www.kb.cert.org/vuls/id/779529 Broken Link US Government Resource
https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: certcc

Published: 2014-09-22T10:00:00

Updated: 2014-09-22T08:57:01

Reserved: 2014-08-30T00:00:00


Link: CVE-2014-5983

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2014-09-22T10:55:06.693

Modified: 2017-07-11T14:29:47.617


Link: CVE-2014-5983

JSON object: View

cve-icon Redhat Information

No data.

CWE