Kiiroo DVE Reports

Kiiroo DVE Reports

Kiiroo

Website: https://www.kiiroo.com/
Vulnerability disclosure address: security@kiiroo.com
Vulnerability disclosure site: http://www.kiiroo.com/security/
Status: Trusted Partner Vendor

DVE-2017-18

  • Date Posted:4/2/2017
  • Type of Vulnerability: Multiple SSL/TLS implementation issues in domains accessed by mobile app
  • Products affected: Versions prior to Feelconnect, FeelPerformer and FeelVR prior to versions v1.3.4
  • Found and reported by: RenderMan
  • Date Reported: 1/26/2017
  • Description: Various Kiiroo domains and those of third party services used by Kiiroo receive less than 'A' ratings from ssllabs.com and are vulnerable to known exploits
  • Remediation: Kiiroo domains now all receive 'A' ratings from ssllabs.com and progress is being made to have third party services upgrade as well