Search

Find a vulnerability

Search criteria

    3 vulnerabilities by Mizuho Bank, Ltd.

    CVE-2018-16179 (GCVE-0-2018-16179)

    Vulnerability from nvd – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
    VLAI
    Summary
    The Mizuho Direct App for Android version 3.13.0 and earlier does not verify server certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
    Severity
    No CVSS data available.
    CWE
    • Fails to verify SSL certificates
    Assigner
    References
    Impacted products
    Vendor Product Version
    Mizuho Bank, Ltd. Mizuho Direct App for Android Affected: version 3.13.0 and earlier
    Create a notification for this product.
    Date Public
    2019-01-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:17:38.293Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://play.google.com/store/apps/details?id=jp.co.mizuhobank.banking"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU91640357/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Mizuho Direct App for Android",
              "vendor": "Mizuho Bank, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 3.13.0 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2019-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Mizuho Direct App for Android version 3.13.0 and earlier does not verify server certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Fails to verify SSL certificates",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T21:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://play.google.com/store/apps/details?id=jp.co.mizuhobank.banking"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/vu/JVNVU91640357/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-16179",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Mizuho Direct App for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 3.13.0 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Mizuho Bank, Ltd."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Mizuho Direct App for Android version 3.13.0 and earlier does not verify server certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Fails to verify SSL certificates"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://play.google.com/store/apps/details?id=jp.co.mizuhobank.banking",
                  "refsource": "MISC",
                  "url": "https://play.google.com/store/apps/details?id=jp.co.mizuhobank.banking"
                },
                {
                  "name": "https://jvn.jp/en/vu/JVNVU91640357/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/vu/JVNVU91640357/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-16179",
        "datePublished": "2019-01-09T22:00:00.000Z",
        "dateReserved": "2018-08-30T00:00:00.000Z",
        "dateUpdated": "2024-08-05T10:17:38.293Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-16179 (GCVE-0-2018-16179)

    Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
    VLAI
    Summary
    The Mizuho Direct App for Android version 3.13.0 and earlier does not verify server certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
    Severity
    No CVSS data available.
    CWE
    • Fails to verify SSL certificates
    Assigner
    References
    Impacted products
    Vendor Product Version
    Mizuho Bank, Ltd. Mizuho Direct App for Android Affected: version 3.13.0 and earlier
    Create a notification for this product.
    Date Public
    2019-01-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:17:38.293Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://play.google.com/store/apps/details?id=jp.co.mizuhobank.banking"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU91640357/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Mizuho Direct App for Android",
              "vendor": "Mizuho Bank, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 3.13.0 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2019-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Mizuho Direct App for Android version 3.13.0 and earlier does not verify server certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Fails to verify SSL certificates",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T21:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://play.google.com/store/apps/details?id=jp.co.mizuhobank.banking"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/vu/JVNVU91640357/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-16179",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Mizuho Direct App for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 3.13.0 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Mizuho Bank, Ltd."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Mizuho Direct App for Android version 3.13.0 and earlier does not verify server certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Fails to verify SSL certificates"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://play.google.com/store/apps/details?id=jp.co.mizuhobank.banking",
                  "refsource": "MISC",
                  "url": "https://play.google.com/store/apps/details?id=jp.co.mizuhobank.banking"
                },
                {
                  "name": "https://jvn.jp/en/vu/JVNVU91640357/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/vu/JVNVU91640357/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-16179",
        "datePublished": "2019-01-09T22:00:00.000Z",
        "dateReserved": "2018-08-30T00:00:00.000Z",
        "dateUpdated": "2024-08-05T10:17:38.293Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2018-009387

    Vulnerability from jvndb - Published: 2018-11-19 15:44 - Updated:2019-08-27 16:48
    Severity
    Summary
    Mizuho Bank Mizuho Direct App for Android fails to verify SSL server certificates
    Details
    Mizuho Bank Mizuho Direct App for Android fails to verify SSL server certificates. Mizuho Bank Mizuho Direct App for Android provided by Mizuho Bank, Ltd. fails to verify SSL server certificates (CWE-295). Reo Yoshida reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-009387.html",
      "dc:date": "2019-08-27T16:48+09:00",
      "dcterms:issued": "2018-11-19T15:44+09:00",
      "dcterms:modified": "2019-08-27T16:48+09:00",
      "description": "Mizuho Bank Mizuho Direct App for Android fails to verify SSL server certificates.\r\n\r\nMizuho Bank Mizuho Direct App for Android provided by Mizuho Bank, Ltd. fails to verify SSL server certificates (CWE-295).\r\n\r\nReo Yoshida reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
      "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-009387.html",
      "sec:cpe": {
        "#text": "cpe:/a:mizuhobank:mizuho_direct_application",
        "@product": "Mizuho Direct App",
        "@vendor": "Mizuho Bank, Ltd.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "4.0",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "4.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2018-009387",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/vu/JVNVU91640357/index.html",
          "@id": "JVNVU#91640357",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16179",
          "@id": "CVE-2018-16179",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16179",
          "@id": "CVE-2018-16179",
          "@source": "NVD"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/295.html",
          "@id": "CWE-295",
          "@title": "Improper Certificate Validation(CWE-295)"
        }
      ],
      "title": "Mizuho Bank Mizuho Direct App for Android fails to verify SSL server certificates"
    }