BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
CVE-2017-5887: Starscream library before 2.0.4 SSL pinning not applied for websocket handshake Apr 21 2017 04:14PM
Security Advisories (security advisories centralway com)
Product: Starscream websocket library
Severity: LOW
CVE Reference: CVE-2017-5887
Type: SSL Pinning bypass

Abstract
--------

WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning
bypass because pinning occurs in the stream function (this is too
late; pinning should occur in the initStrea...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus