CVE-2017-8059 Information

Description

Acceptance of invalid/self-signed TLS certificates in \Foxit PDF - PDF reader editor form signature\ before 5.4 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept login information (username/password) in addition to the static authentication token if the user is already logged in.

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.1