CVEs-PoC/2016/CVE-2016-2402.md at cdcd7c498c18baa8bffbb57c8157fdc41f9fc070

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-08 18:35:21 +02:00

Files

T

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate.

POC

Reference

https://koz.io/pinning-cve-2016-2402/

Github

https://github.com/DimSim101/Xam-Sec
https://github.com/dotanuki-labs/android-oss-cves-research
https://github.com/hinat0y/Dataset1
https://github.com/hinat0y/Dataset10
https://github.com/hinat0y/Dataset11
https://github.com/hinat0y/Dataset12
https://github.com/hinat0y/Dataset2
https://github.com/hinat0y/Dataset3
https://github.com/hinat0y/Dataset4
https://github.com/hinat0y/Dataset5
https://github.com/hinat0y/Dataset6
https://github.com/hinat0y/Dataset7
https://github.com/hinat0y/Dataset8
https://github.com/hinat0y/Dataset9
https://github.com/ikoz/cert-pinning-flaw-poc
https://github.com/ikoz/certPinningVulnerableOkHttp

1.3 KiB Raw Blame History

CVE-2016-2402

Description

POC

Reference

Github

1.3 KiB

Raw Blame History