Information Disclosure Vulnerability in Conscrypt and BoringSSL in Android

Information Disclosure Vulnerability in Conscrypt and BoringSSL in Android

CVE-2016-6709 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

An information disclosure vulnerability in Conscrypt and BoringSSL in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a man-in-the-middle attacker to gain access to sensitive information if a non-standard cipher suite is used by an application. This issue is rated as High because it could be used to access data without permission. Android ID: A-31081987.

Learn more about our Cis Benchmark Audit For Google Android.