Starscream library version prior to 2.0.4 suffer from an SSL pinning vulnerability due to the pinning occurring too late in the stream function.
64a188b368b05fc0c83b778a896addd96b7d6adfd09af4f4173cf80627a8b788WebSocket.swift in Starscream versions 2.0.3 and below allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false). An attacker can achieve traffic interception from a man-in-the-middle position, first by resetting the TCP connection between the client and server, and afterwards by injecting an SSL server certificates they control.
911f854c9a36763caa18a5091f41af4eab6b024c955e6ae37364bb34cf77c512
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed