CVE-2014-5948 – The Obama for America (aka com.barackobama.ofa) application 1.02 for Andr

The Obama for America (aka com.barackobama.ofa) application 1.02 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5948

Reference (s):

• CERT-VN:VU#474521
• URL: http://www.kb.cert.org/vuls/id/474521
• CERT-VN:VU#582497
• URL: http://www.kb.cert.org/vuls/id/582497
• https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing