ID

VAR-190001-1008


TITLE

Pantech Link Mobile Browser Certificate Verification Security Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2011-3843

DESCRIPTION

Pantech Link is a mobile phone with a 2.4" LCD screen and a full keyboard. The SSL certificate parsing in the Pantech Link/P7040P browser contains a vulnerability: the browser does not correctly check the "Basic Constraints" parameter of the certificates in the chain. By using a legitimate end-entity certificate to sign a new certificate, an attacker can obtain a "legitimate" certificate for any domain. For example: Trusted CA -> somedomain.com (legitimate certificate) -> api.someotherdomain.com (signed by somedomain.com). Using this technique, any SSL communication that uses the api.someotherdomain.com certificate can be transparently intercepted. The browser of Pantech Link phones is prone to a security weakness because it fails to verify SSL certificates presented by a remote server. An attacker can exploit this weakness to masquerade as a legitimate server using a man-in-the-middle attack or to launch other attacks, such as phishing.

Trust: 0.81

sources: CNVD: CNVD-2011-3843 // BID: 49755

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2011-3843

AFFECTED PRODUCTS

vendor: pantech, model: link p7040p, scope: eq, version: 0

Trust: 0.9

sources: CNVD: CNVD-2011-3843 // BID: 49755

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201109-544

TYPE

Design Error

Trust: 0.3

sources: BID: 49755

EXTERNAL IDS

db: BID, id: 49755

Trust: 1.5

db: CNVD, id: CNVD-2011-3843

Trust: 0.6

db: CNNVD, id: CNNVD-201109-544

Trust: 0.6

sources: CNVD: CNVD-2011-3843 // BID: 49755 // CNNVD: CNNVD-201109-544

REFERENCES

url: https://www.trustwave.com/spiderlabs/advisories/twsl2011-014.txt

Trust: 0.9

url: http://www.securityfocus.com/bid/49755

Trust: 0.6

url: http://www.pantechusa.com/phones/link

Trust: 0.3

sources: CNVD: CNVD-2011-3843 // BID: 49755 // CNNVD: CNNVD-201109-544

CREDITS

Trustwave

Trust: 0.9

sources: BID: 49755 // CNNVD: CNNVD-201109-544

SOURCES

db: CNVD, id: CNVD-2011-3843
db: BID, id: 49755
db: CNNVD, id: CNNVD-201109-544

LAST UPDATE DATE

2022-05-17T01:55:33.183000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2011-3843, date: 2011-09-26T00:00:00
db: BID, id: 49755, date: 2011-09-23T00:00:00
db: CNNVD, id: CNNVD-201109-544, date: 2011-09-28T00:00:00

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2011-3843, date: 2011-09-26T00:00:00
db: BID, id: 49755, date: 2011-09-23T00:00:00
db: CNNVD, id: CNNVD-201109-544, date: 1900-01-01T00:00:00