Description
The Amazon.com Kindle application before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
References (2)
Core References
Third Party Advisory
x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000102
Third Party Advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN17637243/index.html
Scores
EPSS
0.0013
EPSS Percentile
32.8%
Details
CWE
CWE-310
Status
published
Products (2)
amazon/kindle
4.4.0
amazon/kindle
< 4.4.4
Published
Aug 30, 2014
Tracked Since
Feb 18, 2026