An issue was discovered in the method push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted in AVTECH EagleEyes 2.0.0. The custom X509TrustManager used in checkServerTrusted only checks the certificate's expiration date, skipping proper TLS chain validation.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HAvtech Eagleeyes\(lite\)
APPAvtech2.0.0
Powiązane podatności
AVTECH EagleEyes — pominięcie weryfikacji domeny TLS (ALLOW_ALL_HOSTNAME_VERIFIER)
AVTECH AVN801 DVR has a security bypass via the administration login captcha
AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated com...
AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated com...
AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated com...