CPE matches: cpe:2.3:a:magicstamp:magic_stamp:2.8:*:*:*:*:android:*:*
The Magic Stamp (aka vn.avagame.apotatem) application 2.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
- Limited modification of data and/or system files.
- Limited access to information.
- Reduced performance (partial DoS).
- Attacking requires physical proximity to the network and can be done by anyone (requires no authentication).
- Human user action interaction is required for the attack.
Damage and attack conditions obtained from AV:A/AC:M/Au:N/C:P/I:P/A:P (CVSSv2)