Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL.
References
Link | Resource |
---|---|
http://mobitec.ie.cuhk.edu.hk/cve_2020/ | Permissions Required |
https://cwe.mitre.org/data/definitions/347.html | Technical Description |
https://www.dropbox.com/s/6smwnbrp0kgsgrc/poc_code.py?dl=0 | Third Party Advisory |
https://www.dropbox.com/s/czbkdr73tclq2nr/UnionPay_Vulnerability_Report.txt?dl=0 | Third Party Advisory |
http://mobitec.ie.cuhk.edu.hk/cve_2020/ | Permissions Required |
https://cwe.mitre.org/data/definitions/347.html | Technical Description |
https://www.dropbox.com/s/6smwnbrp0kgsgrc/poc_code.py?dl=0 | Third Party Advisory |
https://www.dropbox.com/s/czbkdr73tclq2nr/UnionPay_Vulnerability_Report.txt?dl=0 | Third Party Advisory |
Configurations
History
21 Nov 2024, 05:13
Type | Values Removed | Values Added |
---|---|---|
References | () http://mobitec.ie.cuhk.edu.hk/cve_2020/ - Permissions Required | |
References | () https://cwe.mitre.org/data/definitions/347.html - Technical Description | |
References | () https://www.dropbox.com/s/6smwnbrp0kgsgrc/poc_code.py?dl=0 - Third Party Advisory | |
References | () https://www.dropbox.com/s/czbkdr73tclq2nr/UnionPay_Vulnerability_Report.txt?dl=0 - Third Party Advisory |
05 Nov 2022, 02:05
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://cwe.mitre.org/data/definitions/347.html - Technical Description |
10 Jul 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2021-04-06 16:15
Updated : 2024-11-21 05:13
NVD link : CVE-2020-23533
Mitre link : CVE-2020-23533
CVE.ORG link : CVE-2020-23533
JSON object : View
Products Affected
unionpayintl
- union_pay
CWE
CWE-347
Improper Verification of Cryptographic Signature