Vulnerability Description
The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| T-Joy | Kinepass | <= 3.1.1 |
Related Weaknesses (CWE)
References
- https://itunes.apple.com/us/app/kinepasu-apuridekantan-bian/id637453055?mt=8Third Party Advisory
- https://jvn.jp/en/jp/JVN83671755/Third Party AdvisoryVDB Entry
- https://play.google.com/store/apps/details?id=jp.tjoy.kinepass&hl=enThird Party Advisory
- https://itunes.apple.com/us/app/kinepasu-apuridekantan-bian/id637453055?mt=8Third Party Advisory
- https://jvn.jp/en/jp/JVN83671755/Third Party AdvisoryVDB Entry
- https://play.google.com/store/apps/details?id=jp.tjoy.kinepass&hl=enThird Party Advisory
FAQ
What is CVE-2018-0591?
CVE-2018-0591 is a vulnerability with a CVSS score of 5.9 (MEDIUM). The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and o...
How severe is CVE-2018-0591?
CVE-2018-0591 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-0591?
Check the references section above for vendor advisories and patch information. Affected products include: T-Joy Kinepass.