CVE-2017-3194

Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.

Weakness

The product does not validate, or incorrectly validates, a certificate.

Affected Software

Name	Vendor	Start Version	End Version
Pandora	Pandora	*	8.3.2 (excluding)

Potential Mitigations

https://cwe.mitre.org/data/definitions/459.html
https://cwe.mitre.org/data/definitions/475.html

References

http://www.securityfocus.com/bid/97158
https://exchange.xforce.ibmcloud.com/collection/XFTAS-Daily-Threat-Assessment-for-March-29-2017-0d704f6eb8163d995bbaf57bbf35a018
https://www.kb.cert.org/vuls/id/342303
https://www.scmagazine.com/pandora-apple-app-vulnerable-to-mitm-attacks/article/647106/
http://www.securityfocus.com/bid/97158
https://exchange.xforce.ibmcloud.com/collection/XFTAS-Daily-Threat-Assessment-for-March-29-2017-0d704f6eb8163d995bbaf57bbf35a018
https://www.kb.cert.org/vuls/id/342303
https://www.scmagazine.com/pandora-apple-app-vulnerable-to-mitm-attacks/article/647106/

NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-3194
CWE	https://cwe.mitre.org/data/definitions/295.html

Improper Certificate Validation

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References