CVE-2017-8059

HIGH

Foxit PDF < 5.4 for iOS - Improper Certificate Validation

Title source: llm

Description

Acceptance of invalid/self-signed TLS certificates in "Foxit PDF - PDF reader, editor, form, signature" before 5.4 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept login information (username/password), in addition to the static authentication token if the user is already logged in.

References (1)

Core 1

Core References

Various Sources x_refsource_misc

https://medium.com/%40chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f

Scores

CVSS v3 8.1

EPSS 0.0001

EPSS Percentile 1.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-295

Status published

Products (2)

foxitsoftware/foxit_pdf 5.2.1

foxitsoftware/foxit_pdf 5.3.2

Published May 05, 2017

Tracked Since Feb 18, 2026