Detections
Analytics
Amazon Kindle for Android < 4.5.0 SSL Certificate Validation Security Bypass
medium Nessus Network Monitor Plugin ID 8373
Synopsis
The Android device is running a vulnerable version of Amazon Kindle.Description
Versions prior to Amazon Kindle for Android 4.5.0 are affected by a potential man-in-the-middle vulnerability as a result of not verifying the X.509 certificates of SSL servers. An attacker may thus impersonate a server to eavesdrop or modify encrypted communication.Solution
Update to Kindle for Android version 4.5.0, or later, from the Google Play store.See Also
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000102
https://play.google.com/store/apps/details?id=com.amazon.kindle
Plugin Details
Severity: Medium
ID: 8373
Family: Web Clients
Published: 9/5/2014
Updated: 3/6/2019
Risk Information
VPR
Risk Factor: Medium
Score: 4.0
CVSS v2
Risk Factor: Medium
Base Score: 4
Temporal Score: 3
Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N
CVSS v3
Risk Factor: Medium
Base Score: 4.8
Temporal Score: 4.2
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:amazon:kindle_for_android
Patch Publication Date: 8/29/2014
Vulnerability Publication Date: 8/29/2014
Reference Information
CVE: CVE-2014-3908
BID: 69492