SSA-468514 (Last Update: 2018-05-03): Improper Certificate Validation Vulnerability in Siveillance VMS Video Mobile App for Android and iOS

Published

2018-05-03 00:00:00

Summary

The latest update for the Siveillance VMS Video mobile app for Android and iOS fixes a security vulnerability that could allow an attacker in a privileged network position to read data from and write data to the encrypted communication channel between the app and a server. Precondition for this scenario is that an attacker is able to intercept the communication channel between the affected app and a server, and is also able to generate a certificate that results for the validation algorithm in a checksum identical to a trusted certificate.