Insecure Cryptographic Signature Verification in /e/OS App Lounge Allows Installation of Malicious Applications

Insecure Cryptographic Signature Verification in /e/OS App Lounge Allows Installation of Malicious Applications

CVE-2021-43171 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Improper verification of applications' cryptographic signatures in the /e/OS app store client App Lounge before 0.19q allows attackers in control of the application server to install malicious applications on user's systems by altering the server's API response.

Learn more about our Cis Benchmark Audit For Server Software.