Weak Certificate-Pinning Implementation in Ascensia Contour NEXT ONE iOS App Allows Disclosure of Medical Information

Weak Certificate-Pinning Implementation in Ascensia Contour NEXT ONE iOS App Allows Disclosure of Medical Information

CVE-2018-18975 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

An issue was discovered in the Ascensia Contour NEXT ONE app for iOS before 2019-01-15. An attacker may proxy communications between the app and Ascensia backend servers because of a weak certificate-pinning implementation, leading to disclosure of medical information.

Learn more about our Cis Benchmark Audit For Apple Ios.