Acceptance of Invalid TLS Certificates in Foxit PDF iOS App Allows Silent Interception of Login Information

Acceptance of Invalid TLS Certificates in Foxit PDF iOS App Allows Silent Interception of Login Information

CVE-2017-8059 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

Acceptance of invalid/self-signed TLS certificates in "Foxit PDF - PDF reader, editor, form, signature" before 5.4 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept login information (username/password), in addition to the static authentication token if the user is already logged in.

Learn more about our Cis Benchmark Audit For Apple Ios.