Title: Missing TLS Certificate Validation in DoorEntry HOMETOUCH for iOS
CVE ID: CVE-2022-46496
CVSSv3 Base Score: 7.1 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)
Products: BTicino DoorEntry HOMETOUCH for iOS
Advisory Release Date: 6 February 2023
Advisory URL: https://labs.integrity.pt/advisories/cve-2022-46496
Credits: Discovery by Bruno Morisson
The application does not correctly validate TLS certificates when connecting to a specific endpoint, making it possible to perform man-in-the-middle (MITM) attacks and obtain user login credentials.