CVE Details for CVE: CVE-2014-5751
Summary
The Tor Browser the Short Guide (aka com.wTorShortUserManual) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Timestamps | |
---|---|
Last major update | 16-09-2014 - 14:18 |
Published | 09-09-2014 - 10:55 |
Last modified | 16-09-2014 - 14:18 |
CAPEC
Click the CAPEC title to display a description
-
Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
CWE
CVSS
Base
5.4
Impact
6.4
Exploitability
5.5
Access
Vector | Complexity | Authentication |
---|---|---|
ADJACENT_NETWORK | MEDIUM | NONE |
Impact
Confidentiality | Integrity | Availability |
---|---|---|
PARTIAL | PARTIAL | PARTIAL |
CVSS3
None
VIA4 references
cvss-vector
via4