The China CITIC Bank Credit Card (aka com.citiccard.mobilebank) application 3.3.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| China_citic_bank_credit_card | Ecitic | 3.3.6 (including) | 3.3.6 (including) |