The AWMS Mobile App for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2.0.8 does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Weakness
The product does not validate, or incorrectly validates, a certificate.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Apeosware_management_suite | Fujixerox | 2.0.0 (including) | 2.0.5 (including) |
| Apeosware_management_suite | Fujixerox | 2.0.0 (including) | 2.0.8 (including) |
Potential Mitigations
Related Attack Patterns
References
- http://jvn.jp/en/jp/JVN00014057/index.html
- http://onlinesupport.fujixerox.com/processDriverForm.do?ctry_code=SG\u0026lang_code=en\u0026d_lang=en\u0026corp_pid=AWMS2\u0026rts=null\u0026model=ApeosWare+Management+Suite+2\u0026type_id=7\u0026oslist=Windows+10+64bit\u0026lang_list=en
- http://jvn.jp/en/jp/JVN00014057/index.html
- http://onlinesupport.fujixerox.com/processDriverForm.do?ctry_code=SG\u0026lang_code=en\u0026d_lang=en\u0026corp_pid=AWMS2\u0026rts=null\u0026model=ApeosWare+Management+Suite+2\u0026type_id=7\u0026oslist=Windows+10+64bit\u0026lang_list=en