Vulnerabilities > CVE-2013-7144 - Cryptographic Issues vulnerability in Linecorp Line

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

linecorp

CWE-310

NVD

Published: 2014-08-16

Updated: 2014-08-18

Summary

LINE 3.2.1.83 and earlier on Windows and 3.2.1 and earlier on OS X does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Vulnerable Configurations

Part	Description	Count
Application	Linecorp Linecorp Line 3.1.18 Linecorp Line 3.1.19 Linecorp Line 3.1.20 Linecorp Line 3.1.21	4
OS	Microsoft Microsoft Windows *	1
OS	Apple Apple MAC OS X *	1

Common Weakness Enumeration (CWE)

CWE-310 - Cryptographic Issues

Common Attack Pattern Enumeration and Classification (CAPEC)

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

References

https://www.thaicert.or.th/papers/general/2013/pa2013ge010.html