The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyoko Inn official App for Android versions prior 1.3.14 don’t properly verify server certificates, which allows a man-in-the-middle attacker to spoof servers and obtain sensitive information via a crafted certificate.
[
{
"vendor": "Toyoko Inn IT Solution Co., Ltd.",
"product": "Toyoko Inn official App for iOS",
"versions": [
{
"version": "prior to 1.13.0",
"status": "affected"
}
]
},
{
"vendor": "Toyoko Inn IT Solution Co., Ltd.",
"product": "Toyoko Inn official App for Android",
"versions": [
{
"version": "prior 1.3.14",
"status": "affected"
}
]
}
]