Unverified Server Hostname Vulnerability in PayPal iOS App

Unverified Server Hostname Vulnerability in PayPal iOS App

CVE-2010-4211 · LOW Severity

AV:A/AC:M/AU:N/C:P/I:N/A:N

The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate.

Learn more about our Cis Benchmark Audit For Apple Ios.