Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail to validate SSL certificates provided by HTTPS connections, which may allow an attacker to perform a man-in-the-middle (MITM) attack
Vulnerability Description
On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail to validate SSL certificates provided by HTTPS connections, which may allow an attacker to perform a man-in-the-middle (MITM) attack. ThreatMetrix is a security library for mobile applications, which aims to provide fraud prevention and device identity capabilities. The ThreatMetrix SDK versions prior to 3.2 do not validate SSL certificates on the iOS platform. An affected application will communicate with https://h-sdk.online-metrix.net, regardless of whether the connection is secure or not. An attacker on the same network as or upstream from the iOS device may be able to view or modify ThreatMetrix network traffic that should have been protected by HTTPS.
CVSS Information
N/A
Vulnerability Type
证书验证不恰当
Vulnerability Title
ThreatMetrix SDK for iOS 安全漏洞
Vulnerability Description
ThreatMetrix SDK for iOS是美国ThreatMetrix公司的一套基于iOS移动应用程序提供防欺诈和设备身份验证功能的安全库。 基于iOS平台的ThreatMetrix SDK 3.2之前版本中存在安全漏洞,该漏洞源于程序没有验证HTTPS连接所提供的SSL证书。攻击者可通过实施中间人攻击,查看或修改被HTTPS所保护的ThreatMetrix网络流量。
CVSS Information
N/A
Vulnerability Type
N/A