Open bipanfei opened 9 months ago
漏洞描述应用使用了 HostnameVerifier 接口,并修改了 verify 的实现,但没有对传入的域名进行合理检查,存在中间人攻击风险 漏洞线索1: Lcom/allenliu/versionchecklib/core/http/a$c;->verify(Ljava/lang/String; Ljavax/net/ssl/SSLSession;)Z2: Lb/c/a/f/a$b;->verify(Ljava/lang/String; Ljavax/net/ssl/SSLSession;)Z | 1: Lcom/allenliu/versionchecklib/core/http/a$c;->verify(Ljava/lang/String; Ljavax/net/ssl/SSLSession;)Z | 2: Lb/c/a/f/a$b;->verify(Ljava/lang/String; Ljavax/net/ssl/SSLSession;)Z 1: Lcom/allenliu/versionchecklib/core/http/a$c;->verify(Ljava/lang/String; Ljavax/net/ssl/SSLSession;)Z 2: Lb/c/a/f/a$b;->verify(Ljava/lang/String; Ljavax/net/ssl/SSLSession;)Z
漏洞描述应用使用了 HostnameVerifier 接口,并修改了 verify 的实现,但没有对传入的域名进行合理检查,存在中间人攻击风险 漏洞线索1: Lcom/allenliu/versionchecklib/core/http/a$c;->verify(Ljava/lang/String; Ljavax/net/ssl/SSLSession;)Z2: Lb/c/a/f/a$b;->verify(Ljava/lang/String; Ljavax/net/ssl/SSLSession;)Z | 1: Lcom/allenliu/versionchecklib/core/http/a$c;->verify(Ljava/lang/String; Ljavax/net/ssl/SSLSession;)Z | 2: Lb/c/a/f/a$b;->verify(Ljava/lang/String; Ljavax/net/ssl/SSLSession;)Z 1: Lcom/allenliu/versionchecklib/core/http/a$c;->verify(Ljava/lang/String; Ljavax/net/ssl/SSLSession;)Z 2: Lb/c/a/f/a$b;->verify(Ljava/lang/String; Ljavax/net/ssl/SSLSession;)Z