CVE-2017-3190

NVD

https://nvd.nist.gov/vuln/detail/CVE-2017-3190

CWE

https://cwe.mitre.org/data/definitions/295.html

Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.

Weakness

The product does not validate, or incorrectly validates, a certificate.

Affected Software

Name	Vendor	Start Version	End Version
Flash_seats	Axs	*	1.9.51 (including)

Potential Mitigations

https://cwe.mitre.org/data/definitions/459.html
https://cwe.mitre.org/data/definitions/475.html

References

http://www.securityfocus.com/bid/96719
https://www.kb.cert.org/vuls/id/247016
https://www.wilderssecurity.com/threads/flash-seats-mobile-app-for-ios-fails-to-validate-ssl-certificates.392553/

Improper Certificate Validation

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References