CVE-2021-32755
MEDIUMWire < 3.84 - Improper Certificate Validation in WebSocket Implementation
Title source: llmDescription
Wire is a collaboration platform. wire-ios-transport handles authentication of requests, network failures, and retries for the iOS implementation of Wire. In the 3.82 version of the iOS application, a new web socket implementation was introduced for users running iOS 13 or higher. This new websocket implementation is not configured to enforce certificate pinning when available. Certificate pinning for the new websocket is enforced in version 3.84 or above.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_confirm
https://github.com/wireapp/wire-ios-transport/security/advisories/GHSA-v8mx-h3vj-w39v
Scores
CVSS v3
5.4
EPSS
0.0031
EPSS Percentile
22.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-295
Status
published
Products (1)
wire/wire
< 3.84
Published
Jul 13, 2021
Tracked Since
Feb 18, 2026