Atlassian HipChat for iOS CVE-2017-8058 TLS Certificate Validation Security Bypass Vulnerability

Atlassian HipChat for iOS is prone to a security-bypass vulnerability.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks and bypass certain security restrictions.

Versions prior to Atlassian HipChat for iOS 3.16.2 are vulnerable.

Information

Bugtraq ID: 98318
Class: Design Error
CVE: CVE-2017-8058

Remote: Yes
Local: No
Published: May 05 2017 12:00AM
Updated: May 05 2017 12:00AM
Credit: The vendor reported the issue.
Vulnerable: Atlassian HipChat for iOS 0

Not Vulnerable: Atlassian HipChat for iOS 3.16.2

Exploit

An attacker can exploit this issue using readily available tools.

References:

Atlassian Homepage (Atlassian)
Follow up: 76 Popular Apps Confirmed Vulnerable to Silent Interception of TLS-Pr (medium.com)

Source: www.securityfocus.com

Exploit Collector

Search Exploit