Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
UnionPay IOS 数据伪造问题漏洞
Vulnerability Description
UnionPay IOS是中国中国银联(UnionPay)公司的一个应用系统。 Union Pay ios 3.3.12 存在安全漏洞,该漏洞源于密码签名不正确验证,攻击者可利用该漏洞通过基于空密钥生成的认证代码(MAC),在商家网站和手机应用上免费购物。
CVSS Information
N/A
Vulnerability Type
N/A