Back to search
CVE-2020-5523
Published: Jan 28, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
Android App 'MyPallete' and some of the Android banking applications based on 'MyPallete' do not verify X.509 certificates from servers, and also do not properly validate certificates with host-mismatch, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
| Vendor | Product | Versions |
|---|---|---|
NTT Data Corporation | 'MyPallete' and some of the Android banking applications that use 'MyPallete' | affected MyPallete all versions, AshikagaBankingAppli ver1.0.4 and earlier, SENSHUIKEDABANKBankingAppli ver3.0.4 and earlier, ShikokuBankingAppli ver2.0.1 and earlier, TohokuBankingAppli ver1.0.1 and earlier, NaganoBankingAppli ver1.0.1 and earlier, 77BankingAppli ver2.0.1 and earlier, HokkaidoBankingAppli ver3.0.1 and earlier, and HokurikuBankingAppli ver2.0.1 and earlier |
References
http://www.dokodemobank.ne.jp/info_20200128_bankingapp.html
x_refsource_MISC
https://www.ashikagabank.co.jp/appbanking/pdf/oshirase.pdf
x_refsource_MISC
https://www.sihd-bk.jp/common_v2/pdf/20200127.pdf
x_refsource_MISC
https://www.shikokubank.co.jp/info/apps20200128.html
x_refsource_MISC
https://www.tohoku-bank.co.jp/news/topics/200128_applissl.html
x_refsource_MISC
https://www.naganobank.co.jp/soshiki/2/app-ssl.html
x_refsource_MISC
https://www.hokugin.co.jp/info/archives/personal/2020/1913.html
x_refsource_MISC
http://jvn.jp/en/jp/JVN28845872/index.html
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now