Weak Certificate-Pinning Implementation in Ascensia Contour NEXT ONE iOS App Allows Disclosure of Medical Information
CVE-2018-18975 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
An issue was discovered in the Ascensia Contour NEXT ONE app for iOS before 2019-01-15. An attacker may proxy communications between the app and Ascensia backend servers because of a weak certificate-pinning implementation, leading to disclosure of medical information.
Learn more about our Cis Benchmark Audit For Apple Ios.