OSVDB ID: 81629

Title: sp-mode Mail for Android SSL Certificate Validation MitM Spoofing Weakness

Info

Disclosure

Apr 26, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

sp-mode Mail for Android contains a flaw related to the validation of SSL certificates when accessing certain services. This may allow a man-in-the-middle attacker to spoof a valid server.

Classification

Location: Remote / Network Access, Mobile Phone / Hand-held Device
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Private
Disclosure: Coordinated Disclosure

Solution

Upgrade to the latest version as of 2012-04-26 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

NTT DOCOMO

sp-mode Mail for Android

5400

References

CVE ID: 2012-1244 (see also: NVD)
Secunia Advisory ID: 48955
Other Advisory URL: http://jvn.jp/en/jp/JVN82029095/index.html
http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000037.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/81629