CVE-2024-27440

Summary

The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyoko Inn official App for Android versions prior 1.3.14 don't properly verify server certificates, which allows a man-in-the-middle attacker to spoof servers and obtain sensitive information via a crafted certificate.

Affected Software

VendorProductVersion RangeStatus
Toyoko Inn IT Solution Co., Ltd.Toyoko Inn official App for iOSprior to 1.13.0affected
Toyoko Inn IT Solution Co., Ltd.Toyoko Inn official App for Androidprior 1.3.14affected

Weaknesses

  • Improper server certificate verification

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References