Showing 1 - 2 of 2

Files from Giuliano Galea

First Active	2017-04-21
Last Active	2017-04-23

Starscream 2.0.3 SSL Pinning Bypass: Posted Apr 23, 2017; Authored by Giuliano Galea, Lukas Futera; Starscream library version prior to 2.0.4 suffer from an SSL pinning vulnerability due to the pinning occurring too late in the stream function.; tags | advisory, bypass; advisories | CVE-2017-5887; SHA-256 | 64a188b368b05fc0c83b778a896addd96b7d6adfd09af4f4173cf80627a8b788; Download | Favorite | View

Starscream 2.0.3 SSL Pinning Bypass: Posted Apr 21, 2017; Authored by Giuliano Galea, Lukas Futera; WebSocket.swift in Starscream versions 2.0.3 and below allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false). An attacker can achieve traffic interception from a man-in-the-middle position, first by resetting the TCP connection between the client and server, and afterwards by injecting an SSL server certificates they control.; tags | advisory, tcp, bypass, info disclosure; advisories | CVE-2017-7192; SHA-256 | 911f854c9a36763caa18a5091f41af4eab6b024c955e6ae37364bb34cf77c512; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days