CVE-2010-4211
N/A
N/A
Summary
The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://viaforensics.com/press-releases/viaforensics-uncovers-paypal-application-vulnerability.html
- http://www.vupen.com/english/advisories/2010/2887
- http://news.cnet.com/8301-27080_3-20021730-245.html
- http://www.securityfocus.com/bid/44657
- http://online.wsj.com/article/SB10001424052748703506904575592782874885808.html
- http://itunes.apple.com/us/app/paypal/id283646709
- http://viaforensics.com/security/viaforensics-uncovers-significant-vulnerability-paypal-iphone.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/63002
References
- http://viaforensics.com/press-releases/viaforensics-uncovers-paypal-application-vulnerability.html
- http://www.vupen.com/english/advisories/2010/2887
- http://news.cnet.com/8301-27080_3-20021730-245.html
- http://www.securityfocus.com/bid/44657
- http://online.wsj.com/article/SB10001424052748703506904575592782874885808.html
- http://itunes.apple.com/us/app/paypal/id283646709
- http://viaforensics.com/security/viaforensics-uncovers-significant-vulnerability-paypal-iphone.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/63002
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.