CVE-2020-11614
N/A
N/A
Summary
Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as well as update files, over cleartext HTTP. Additionally, the application does not perform file integrity validation for files after download. An attacker can perform a man-in-the-middle attack against this connection and replace executable files with malicious versions, which the operating system then executes under the context of the user running Hero Designer.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/Crytilis/mids-reborn-hero-designer/releases
- https://www.doyler.net/security-not-included/mids-reborn-vulnerabilities
References
- https://github.com/Crytilis/mids-reborn-hero-designer/releases
- https://www.doyler.net/security-not-included/mids-reborn-vulnerabilities
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.