Vulnerabilities > CVE-2012-1244 - Cryptographic Issues vulnerability in Nttdocomo Spmode Mail Android

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

nttdocomo

CWE-310

NVD

Published: 2012-04-27

Updated: 2024-11-21

Summary

The NTT DOCOMO sp mode mail application 5400 and earlier for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Vulnerable Configurations

Part	Description	Count
Application	Nttdocomo Nttdocomo Spmode Mail Android 3000 Nttdocomo Spmode Mail Android 4900 Nttdocomo Spmode Mail Android 4800 Nttdocomo Spmode Mail Android 4500 Nttdocomo Spmode Mail Android 5200 Nttdocomo Spmode Mail Android 2546 Nttdocomo Spmode Mail Android 2631 Nttdocomo Spmode Mail Android 3100 Nttdocomo Spmode Mail Android 3200 Nttdocomo Spmode Mail Android 3300 Nttdocomo Spmode Mail Android 3400 Nttdocomo Spmode Mail Android 4000 Nttdocomo Spmode Mail Android 4200 Nttdocomo Spmode Mail Android 4300 Nttdocomo Spmode Mail Android 4400 Nttdocomo Spmode Mail Android 4600 Nttdocomo Spmode Mail Android 4700 Nttdocomo Spmode Mail Android 5000 Nttdocomo Spmode Mail Android 5100 Nttdocomo Spmode Mail Android 5300 Nttdocomo Spmode Mail Android 5400	21

Common Weakness Enumeration (CWE)

CWE-310 - Cryptographic Issues

Common Attack Pattern Enumeration and Classification (CAPEC)

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

References