SSL Pinning Bypass Vulnerability in Starscream WebSocket.swift (before 2.0.4)

CVE-2017-7192 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false).
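
The flaw class described above, as an added example: a simplified model and not Starscream's source code. `PinCheck`, `StickyValidator`, `FixedValidator` and the fingerprint strings are hypothetical names and constructed values; only `certValidated` comes from the advisory text.

```swift
// Simplified model of a validation flag that is never reset.
// Not Starscream's code; all type names here are hypothetical.

/// Stand-in for a pinning check: true only when the presented
/// certificate fingerprint is in the pinned set.
struct PinCheck {
    let pinned: Set<String>
    func isValid(_ fingerprint: String) -> Bool {
        return pinned.contains(fingerprint)
    }
}

/// Flawed pattern: the flag is only ever assigned `true`.
final class StickyValidator {
    private let check: PinCheck
    private(set) var certValidated = false
    init(check: PinCheck) { self.check = check }

    func evaluate(_ fingerprint: String) -> Bool {
        if check.isValid(fingerprint) {
            certValidated = true
        }
        // No branch writes `false`, so a stale `true` survives a failed check.
        return certValidated
    }
}

/// Hardened pattern: the flag always reflects the most recent evaluation.
final class FixedValidator {
    private let check: PinCheck
    private(set) var certValidated = false
    init(check: PinCheck) { self.check = check }

    func evaluate(_ fingerprint: String) -> Bool {
        certValidated = check.isValid(fingerprint)
        return certValidated
    }
}

// Constructed sample input: one pinned fingerprint, one that is not pinned.
let check = PinCheck(pinned: ["pinned-fp"])
let sticky = StickyValidator(check: check)
let fixed = FixedValidator(check: check)

for fp in ["pinned-fp", "other-fp"] {
    print(fp, "sticky:", sticky.evaluate(fp), "fixed:", fixed.evaluate(fp))
}
```

A regression test for this class of bug should evaluate a failing certificate after a passing one on the same validator instance and assert that the result is `false`.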
