mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-07 03:02:30 +00:00
1.3 KiB
1.3 KiB
CVE-2016-2402
Description
OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate.
POC
Reference
Github
- https://github.com/DimSim101/Xam-Sec
- https://github.com/dotanuki-labs/android-oss-cves-research
- https://github.com/hinat0y/Dataset1
- https://github.com/hinat0y/Dataset10
- https://github.com/hinat0y/Dataset11
- https://github.com/hinat0y/Dataset12
- https://github.com/hinat0y/Dataset2
- https://github.com/hinat0y/Dataset3
- https://github.com/hinat0y/Dataset4
- https://github.com/hinat0y/Dataset5
- https://github.com/hinat0y/Dataset6
- https://github.com/hinat0y/Dataset7
- https://github.com/hinat0y/Dataset8
- https://github.com/hinat0y/Dataset9
- https://github.com/ikoz/cert-pinning-flaw-poc
- https://github.com/ikoz/certPinningVulnerableOkHttp