The Zoner AntiVirus Free application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, as demonstrated by a server used for updating virus signature files.
Vulnerable Product |
---|
zoner zoner antivirus free - |
zoner zoner antivirus free 1.7.0 |
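
The check described above as missing, sketched as an added example (not code from the Zoner application or from this advisory): once the certificate chain has validated, the client must still compare the names in the certificate with the hostname it intended to reach. The hostnames and certificate dictionaries are constructed, and the example goes beyond the CN field named above by preferring subjectAltName DNS entries when they are present.

```python
# Added illustration: hostname check against a certificate's names.
# Input has the shape returned by ssl.SSLSocket.getpeercert().

def _label_match(pattern: str, host: str) -> bool:
    """Compare one certificate name with the requested hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False            # "*" covers exactly one label
    first, rest = p_labels[0], p_labels[1:]
    if rest != h_labels[1:]:
        return False
    if first == "*":
        # Refuse a wildcard directly under a top-level label, e.g. "*.com".
        return len(p_labels) >= 3
    return "*" not in first and first == h_labels[0]

def cert_names(cert: dict) -> list:
    """dNSName SAN entries if present, else subject CN (legacy fallback)."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]

def hostname_matches(cert: dict, host: str) -> bool:
    return any(_label_match(name, host) for name in cert_names(cert))

# Constructed sample certificates (not taken from the advisory).
UPDATE_HOST = "updates.vendor.example"   # hypothetical update server name
GENUINE = {"subject": ((("commonName", "updates.vendor.example"),),)}
OTHER_VALID = {"subject": ((("commonName", "www.unrelated.example"),),)}
WILDCARD = {"subject": ((("commonName", "vendor.example"),),),
            "subjectAltName": (("DNS", "*.vendor.example"),)}

def demo() -> dict:
    return {
        "genuine": hostname_matches(GENUINE, UPDATE_HOST),
        # Chain-valid certificate issued for a different host: must be rejected.
        "other_valid": hostname_matches(OTHER_VALID, UPDATE_HOST),
        "wildcard": hostname_matches(WILDCARD, UPDATE_HOST),
        "wildcard_deep": hostname_matches(WILDCARD, "a.updates.vendor.example"),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accept' if ok else 'reject'}")
```

A client that skips this comparison accepts the `other_valid` case, which is the condition the advisory describes.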