Description
Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Android app allow an attacker to extract private sensitive information by sniffing network traffic.
References (2)
Core 2
Core References
Press/Media Coverage, Third Party Advisory x_refsource_misc
https://www.wired.com/story/tinder-lack-of-encryption-lets-strangers-spy-on-swipes/
Third Party Advisory x_refsource_misc
https://www.checkmarx.com/2018/01/23/tinder-someone-may-watching-swipe-2/
Scores
CVSS v3
9.1
EPSS
0.0099
EPSS Percentile
57.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-319
Status
published
Products (1)
tinder/tinder
(2 CPE variants)
Published
Jan 24, 2018
Tracked Since
Feb 18, 2026