Amazon Kindle for Android < 4.5.0 SSL Certificate Validation Security Bypass

Medium Nessus Network Monitor Plugin ID 8373


The Android device is running a vulnerable version of Amazon Kindle.


Versions prior to Amazon Kindle for Android 4.5.0 are affected by a potential man-in-the-middle vulnerability as a result of not verifying the X.509 certificates of SSL servers. An attacker may thus impersonate a server to eavesdrop or modify encrypted communication.


Update to Kindle for Android version 4.5.0, or later, from the Google Play store.

See Also

Plugin Details

Severity: Medium

ID: 8373

Family: Web Clients

Published: 2014/09/05

Modified: 2016/12/06

Dependencies: 5287

Risk Information

Risk Factor: Medium


Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C


Base Score: 4.7

Temporal Score: 4.1


Temporal Vector: CVSS3#E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:amazon:kindle_for_android

Patch Publication Date: 2014/08/29

Vulnerability Publication Date: 2014/08/29

Reference Information

CVE: CVE-2014-3908

BID: 69492