N/A

Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application encrypts on the application layer of the communication protocol between the Ypsomed mylife App and mylife Cloud credentials based on hard-coded secrets, which allows man-in-the-middle attackers to tamper with messages.

N/A

使用硬编码的凭证

Ypsomed mylife App 信任管理问题漏洞

Ypsomed mylife App是Ypsomed AG的一个应用软件。为了优化糖尿病患者与医疗保健专业人员之间的沟通，mylife 治疗管理是一个易于使用、易于共享的糖尿病治疗数据解决方案。 Ypsomed mylife App存在信任管理问题漏洞，该漏洞源于该应用程序基于硬编码的数据在客户端与服务端之间的通信协议的应用层上进行加密，这允许中间人攻击者篡改消息。

N/A

N/A