Flash Seats ticketing app users could get scalped by a MITM attack

News by Bradley Barth

The Flash Seats Mobile App for iOS, a sports and entertainment ticket management app, is vulnerable to man-in-the-middle attacks due to improper validation of SSL certificates provided by HTTPS connections. According to a vulnerability advisory by the CERT Coordination Center (CERT/CC) at Carnegie Mellon University's Software Engineering Institute, there is no current patch.

Attackers who exploit this flaw, which is officially designated CVE-2017-3190, may be able to obtain sensitive account information such as login credentials, the CERT/CC warned on Wednesday.

To overcome this problem, the CERT/CC recommends using Flash Seats' website version instead of its mobile app. Users who risk using the app should at least avoid using public WiFi and other untrusted networks.

Will Dormann, a vulnerability analyst at the CERT/CC, is credited with discovering the vulnerability.
