*Note: Email address will appear as "user domain ext" to prevent harvesting.
CVE-2017-5887: Starscream library before 2.0.4 SSL pinning not applied for websocket handshake
Apr 21 2017 04:14PM
Security Advisories (security advisories centralway com)
Product: Starscream websocket library
CVE Reference: CVE-2017-5887
Type: SSL Pinning bypass
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning
bypass because pinning occurs in the stream function (this is too
late; pinning should occur in the initStrea...
Copyright 2010, SecurityFocus