Insecure Update Process Allows for MITM Exploitation and Installation of Malicious Content

Insecure Update Process Allows for MITM Exploitation and Installation of Malicious Content

CVE-2021-41067 · HIGH Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

An issue was discovered in Listary through 6. Improper implementation of the update process leads to the download of software updates with a /check-update HTTP-based connection. This can be exploited with MITM techniques. Together with the lack of package validation, it can lead to manipulation of update packages that can cause an installation of malicious content.

Learn more about our Web Application Penetration Testing UK.