Skip to content

Certificate pinning is not enforced on the web socket connection

High
raphaelrobert published GHSA-v8mx-h3vj-w39v Jul 12, 2021

Package

No package listed

Affected versions

3.82

Patched versions

3.84

Description

Impact

In the 3.82 version of the iOS application a new web socket implementation was introduced for users running iOS 13 or higher. This new websocket implementation is not configured to enforce certificate pinning when available.

Patches

Certificate pinning for the new websocket is enforced in 3.84 or above.

Severity

High

CVE ID

CVE-2021-32755

Weaknesses

No CWEs