Man-in-the-Middle (MitM) Affecting ch.acra:acra Open this link in a new tab package, versions [,4.4.0)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
13 Mar 2017
16 Oct 2012
How to fix?
ch.acra:acra to version 4.4.0 or higher.
ch.acra:acra is a library that handles Application Crash Reports for Android.
Affected versions of this package are vulnerable to Man-in-the-Middle (MitM). The library does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.