Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by t-joy
CVE-2018-0591 (GCVE-0-2018-0591)
Vulnerability from cvelistv5 – Published: 2018-05-14 13:00 – Updated: 2024-08-05 03:28
VLAI
EPSS
VEX
Summary
The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Severity
No CVSS data available.
CWE
- Fails to verify SSL certificates
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://play.google.com/store/apps/details?id=jp.… | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN83671755/ | third-party-advisoryx_refsource_JVN |
| https://itunes.apple.com/us/app/kinepasu-apuridek… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| T-JOY CO.,LTD. | KINEPASS App |
Affected:
for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier
|
Date Public
2018-05-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.166Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=jp.tjoy.kinepass\u0026hl=en"
},
{
"name": "JVN#83671755",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN83671755/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://itunes.apple.com/us/app/kinepasu-apuridekantan-bian/id637453055?mt=8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "KINEPASS App",
"vendor": "T-JOY CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier"
}
]
}
],
"datePublic": "2018-05-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to verify SSL certificates",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-14T12:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://play.google.com/store/apps/details?id=jp.tjoy.kinepass\u0026hl=en"
},
{
"name": "JVN#83671755",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN83671755/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://itunes.apple.com/us/app/kinepasu-apuridekantan-bian/id637453055?mt=8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "KINEPASS App",
"version": {
"version_data": [
{
"version_value": "for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier"
}
]
}
}
]
},
"vendor_name": "T-JOY CO.,LTD."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to verify SSL certificates"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://play.google.com/store/apps/details?id=jp.tjoy.kinepass\u0026hl=en",
"refsource": "MISC",
"url": "https://play.google.com/store/apps/details?id=jp.tjoy.kinepass\u0026hl=en"
},
{
"name": "JVN#83671755",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN83671755/"
},
{
"name": "https://itunes.apple.com/us/app/kinepasu-apuridekantan-bian/id637453055?mt=8",
"refsource": "MISC",
"url": "https://itunes.apple.com/us/app/kinepasu-apuridekantan-bian/id637453055?mt=8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0591",
"datePublished": "2018-05-14T13:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:28:11.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0591 (GCVE-0-2018-0591)
Vulnerability from nvd – Published: 2018-05-14 13:00 – Updated: 2024-08-05 03:28
VLAI
EPSS
VEX
Summary
The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Severity
No CVSS data available.
CWE
- Fails to verify SSL certificates
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://play.google.com/store/apps/details?id=jp.… | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN83671755/ | third-party-advisoryx_refsource_JVN |
| https://itunes.apple.com/us/app/kinepasu-apuridek… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| T-JOY CO.,LTD. | KINEPASS App |
Affected:
for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier
|
Date Public
2018-05-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.166Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=jp.tjoy.kinepass\u0026hl=en"
},
{
"name": "JVN#83671755",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN83671755/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://itunes.apple.com/us/app/kinepasu-apuridekantan-bian/id637453055?mt=8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "KINEPASS App",
"vendor": "T-JOY CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier"
}
]
}
],
"datePublic": "2018-05-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to verify SSL certificates",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-14T12:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://play.google.com/store/apps/details?id=jp.tjoy.kinepass\u0026hl=en"
},
{
"name": "JVN#83671755",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN83671755/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://itunes.apple.com/us/app/kinepasu-apuridekantan-bian/id637453055?mt=8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "KINEPASS App",
"version": {
"version_data": [
{
"version_value": "for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier"
}
]
}
}
]
},
"vendor_name": "T-JOY CO.,LTD."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to verify SSL certificates"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://play.google.com/store/apps/details?id=jp.tjoy.kinepass\u0026hl=en",
"refsource": "MISC",
"url": "https://play.google.com/store/apps/details?id=jp.tjoy.kinepass\u0026hl=en"
},
{
"name": "JVN#83671755",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN83671755/"
},
{
"name": "https://itunes.apple.com/us/app/kinepasu-apuridekantan-bian/id637453055?mt=8",
"refsource": "MISC",
"url": "https://itunes.apple.com/us/app/kinepasu-apuridekantan-bian/id637453055?mt=8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0591",
"datePublished": "2018-05-14T13:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:28:11.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}