CVE-2016-7816

Description

The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Affected products

• Cybozu, Inc. / kintone mobile for Android1.0.6 and earlier – 1.0.6 and earlier

References

• MISChttps://jvn.jp/en/jp/JVN20252219/index.html
• MISChttp://www.securityfocus.com/bid/94547
• MISChttps://support.cybozu.com/ja-jp/article/9719