The ATOM (ATOM - Smart life App for Android versions prior to 1.8.1 and ATOM - Smart life App for iOS versions prior to 1.8.2) does not verify server certificate properly, which allows man-in-the-middle attackers to eavesdrop on encrypted communication via a crafted certificate.
References
Link | Resource |
---|---|
https://jvn.jp/en/jp/JVN64064138/index.html | Third Party Advisory |
https://www.atomtech.co.jp/news/news/2055/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: jpcert
Published: 2021-06-09T01:05:25
Updated: 2021-06-09T01:05:24
Reserved: 2020-12-17T00:00:00
Link: CVE-2021-20732
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-06-09T02:15:06.817
Modified: 2021-06-17T18:08:56.840
Link: CVE-2021-20732
JSON object: View
Redhat Information
No data.
CWE