MidnightBSD

Advisories for verkehrsmuseum-dresden

CVE-2014-7655 MEDIUM

The Dresden Transport Museum (aka de.appack.project.vmd) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
verkehrsmuseum-dresden dresden_transport_museum 2.2