Search
Find a vulnerability
Search criteria
2 vulnerabilities found for KINEPASS App by T-JOY CO.,LTD.
CVE-2018-0591 (GCVE-0-2018-0591)
Vulnerability from nvd – Published: 2018-05-14 13:00 – Updated: 2024-08-05 03:28
VLAI
EPSS
VEX
Summary
The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Severity
No CVSS data available.
CWE
- Fails to verify SSL certificates
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://play.google.com/store/apps/details?id=jp.… | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN83671755/ | third-party-advisoryx_refsource_JVN |
| https://itunes.apple.com/us/app/kinepasu-apuridek… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| T-JOY CO.,LTD. | KINEPASS App |
Affected:
for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier
|
Date Public
2018-05-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.166Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=jp.tjoy.kinepass\u0026hl=en"
},
{
"name": "JVN#83671755",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN83671755/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://itunes.apple.com/us/app/kinepasu-apuridekantan-bian/id637453055?mt=8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "KINEPASS App",
"vendor": "T-JOY CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier"
}
]
}
],
"datePublic": "2018-05-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to verify SSL certificates",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-14T12:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://play.google.com/store/apps/details?id=jp.tjoy.kinepass\u0026hl=en"
},
{
"name": "JVN#83671755",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN83671755/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://itunes.apple.com/us/app/kinepasu-apuridekantan-bian/id637453055?mt=8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "KINEPASS App",
"version": {
"version_data": [
{
"version_value": "for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier"
}
]
}
}
]
},
"vendor_name": "T-JOY CO.,LTD."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to verify SSL certificates"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://play.google.com/store/apps/details?id=jp.tjoy.kinepass\u0026hl=en",
"refsource": "MISC",
"url": "https://play.google.com/store/apps/details?id=jp.tjoy.kinepass\u0026hl=en"
},
{
"name": "JVN#83671755",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN83671755/"
},
{
"name": "https://itunes.apple.com/us/app/kinepasu-apuridekantan-bian/id637453055?mt=8",
"refsource": "MISC",
"url": "https://itunes.apple.com/us/app/kinepasu-apuridekantan-bian/id637453055?mt=8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0591",
"datePublished": "2018-05-14T13:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:28:11.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0591 (GCVE-0-2018-0591)
Vulnerability from cvelistv5 – Published: 2018-05-14 13:00 – Updated: 2024-08-05 03:28
VLAI
EPSS
VEX
Summary
The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Severity
No CVSS data available.
CWE
- Fails to verify SSL certificates
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://play.google.com/store/apps/details?id=jp.… | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN83671755/ | third-party-advisoryx_refsource_JVN |
| https://itunes.apple.com/us/app/kinepasu-apuridek… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| T-JOY CO.,LTD. | KINEPASS App |
Affected:
for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier
|
Date Public
2018-05-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.166Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=jp.tjoy.kinepass\u0026hl=en"
},
{
"name": "JVN#83671755",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN83671755/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://itunes.apple.com/us/app/kinepasu-apuridekantan-bian/id637453055?mt=8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "KINEPASS App",
"vendor": "T-JOY CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier"
}
]
}
],
"datePublic": "2018-05-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to verify SSL certificates",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-14T12:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://play.google.com/store/apps/details?id=jp.tjoy.kinepass\u0026hl=en"
},
{
"name": "JVN#83671755",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN83671755/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://itunes.apple.com/us/app/kinepasu-apuridekantan-bian/id637453055?mt=8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "KINEPASS App",
"version": {
"version_data": [
{
"version_value": "for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier"
}
]
}
}
]
},
"vendor_name": "T-JOY CO.,LTD."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to verify SSL certificates"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://play.google.com/store/apps/details?id=jp.tjoy.kinepass\u0026hl=en",
"refsource": "MISC",
"url": "https://play.google.com/store/apps/details?id=jp.tjoy.kinepass\u0026hl=en"
},
{
"name": "JVN#83671755",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN83671755/"
},
{
"name": "https://itunes.apple.com/us/app/kinepasu-apuridekantan-bian/id637453055?mt=8",
"refsource": "MISC",
"url": "https://itunes.apple.com/us/app/kinepasu-apuridekantan-bian/id637453055?mt=8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0591",
"datePublished": "2018-05-14T13:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:28:11.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}