Acceptance of invalid/self-signed TLS certificates in Panda Mobile Security 1.1 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.
The product does not validate, or incorrectly validates, a certificate.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Panda_mobile_security | Watchguard | 1.1 (including) | 1.1 (including) |