The Boozt Fashion application before 2.3.4 for Android allows remote attackers to read login credentials by sniffing the network and leveraging the lack of SSL. NOTE: the vendor response, before the application was changed to enable SSL logins, was "At the moment that is an accepted risk. We only have https on the checkout part of the site."
References
Link | Resource |
---|---|
https://hackerone.com/reports/166712 | Third Party Advisory |
https://wwws.nightwatchcybersecurity.com/2017/07/27/boozt-fashion-android-app-didnt-use-ssl-for-login-cve-2017-11706/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-07-28T05:00:00
Updated: 2017-07-28T04:57:01
Reserved: 2017-07-27T00:00:00
Link: CVE-2017-11706
NVD Information
Status: Analyzed
Published: 2017-07-28T05:29:00.777
Modified: 2017-08-15T17:43:35.007
Link: CVE-2017-11706
Redhat Information
No data.
CWE