The Neon app 1.6.14 iOS does not verify X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate.
References
Link | Resource |
---|---|
https://gist.github.com/rlaneth/d2203c206d5d5acbdaf6069e78b1d07f | Issue Tracking Third Party Advisory |
https://radialle.com/cve-2018-5258-writeup-aplicativo-do-banco-neon-para-ios-n%C3%A3o-valida-certificados-ssl-84bed0b0cecb | Third Party Advisory |
https://www.tecmundo.com.br/seguranca/126192-banco-neon-falha-permite-hacker-acesse-conta-roube-dados-clientes.htm | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-01-17T17:00:00
Updated: 2018-01-17T16:57:01
Reserved: 2018-01-07T00:00:00
Link: CVE-2018-5258
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-01-17T17:29:02.257
Modified: 2018-02-02T16:10:15.973
Link: CVE-2018-5258
JSON object: View
Redhat Information
No data.
CWE