CVE-2017-5901 Explained : Impact and Mitigation

State Bank Anywhere iOS app 5.1.0 by State Bank of India lacks SSL server certificate verification, allowing man-in-the-middle attacks.

Understanding CVE-2017-5901

The iOS version of the State Bank Anywhere app 5.1.0 has a critical security vulnerability that exposes users to man-in-the-middle attacks.

What is CVE-2017-5901?

The State Bank Anywhere iOS app 5.1.0, developed by the State Bank of India, fails to verify X.509 certificates from SSL servers, enabling malicious actors to intercept sensitive data through spoofed servers.

The Impact of CVE-2017-5901

This vulnerability allows attackers to deceive users by impersonating legitimate servers, leading to the unauthorized access of confidential information.

Technical Details of CVE-2017-5901

The technical aspects of the CVE-2017-5901 vulnerability are as follows:

Vulnerability Description

The State Bank Anywhere iOS app 5.1.0 does not validate X.509 certificates from SSL servers.

Affected Systems and Versions

Product: State Bank Anywhere app
Vendor: State Bank of India
Version: 5.1.0

Exploitation Mechanism

Attackers can exploit this flaw to conduct man-in-the-middle attacks, intercepting data between users and servers.

Mitigation and Prevention

Protect your systems and data from CVE-2017-5901 with these measures:

Immediate Steps to Take

Avoid using the vulnerable version of the State Bank Anywhere iOS app.
Exercise caution while accessing sensitive information through unsecured networks.

Long-Term Security Practices

Regularly update the app to the latest secure version.
Educate users about the risks of unsecured connections and the importance of verifying SSL certificates.

Patching and Updates

Stay informed about security updates and patches released by the State Bank of India for the State Bank Anywhere app.