Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Disabled hostname verification and accepting self-signed certificates
Vulnerability Description
Mifos-Mobile Android Application for MifosX is an Android Application built on top of the MifosX Self-Service platform. Mifos-Mobile before commit e505f62 disables HTTPS hostname verification of its HTTP client. Additionally it accepted any self-signed certificate as valid. Hostname verification is an important part when using HTTPS to ensure that the presented certificate is valid for the host. Disabling it can allow for man-in-the-middle attacks. Accepting any certificate, even self-signed ones allows man-in-the-middle attacks. This problem is fixed in mifos-mobile commit e505f62.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
证书验证不恰当
Vulnerability Title
Garvit Agarwal mifos-mobile 安全漏洞
Vulnerability Description
Garvit Agarwal mifos-mobile是Garvit Agarwal开源的一个应用软件。用于供最终用户客户查看/处理他们持有的帐户和贷款 mifos-mobile 存在安全漏洞,该漏洞允许中间人攻击。
CVSS Information
N/A
Vulnerability Type
N/A