Restkit allows man-in-the-middle attackers to spoof TLS servers by leveraging use of the ssl.wrap_socket function in Python with the default CERT_NONE value for the cert_reqs argument.
The product does not validate, or incorrectly validates, a certificate.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Restkit | Restkit | - (including) | - (including) |