Amazon Kindle for Android < 4.5.0 SSL Certificate Validation Security Bypass
Medium Nessus Network Monitor Plugin ID 8373
SynopsisThe Android device is running a vulnerable version of Amazon Kindle.
DescriptionVersions prior to Amazon Kindle for Android 4.5.0 are affected by a potential man-in-the-middle vulnerability as a result of not verifying the X.509 certificates of SSL servers. An attacker may thus impersonate a server to eavesdrop or modify encrypted communication.
SolutionUpdate to Kindle for Android version 4.5.0, or later, from the Google Play store.