CVE-2018-6018

Medienbericht

EPSS 0.99%
Veröffentlicht 24.01.2018 15:29:01
Zuletzt bearbeitet 21.11.2024 04:09:54
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Android app allow an attacker to extract private sensitive information by sniffing network traffic.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tinder ≫ Tinder Version- SwPlatformiphone_os

Tinder ≫ Tinder Version- SwPlatformandroid

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.99%	0.578

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N

CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

https://www.checkmarx.com/2018/01/23/tinder-someone-may-watching-swipe-2/

Third Party Advisory

https://www.wired.com/story/tinder-lack-of-encryption-lets-strangers-spy-on-swipes/

Third Party Advisory

Press/Media Coverage

https://nvd.nist.gov/vuln/detail/CVE-2018-6018

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-6018

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-6018

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2018-6018