PT-2018-11179 · Dropbox · Com.Dropbox.Android
Boonpoj Thongakaraniroj +1 · Published 2018-06-20 · Updated 2024-08-05 · CVE-2018-12446
CVSS v3.1: 3.6 (Low)
| Vector | AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
com.dropbox.android version 98.2.2
Description
An issue in the Passcode feature allows authentication bypass via runtime manipulation, forcing a certain method's return value to true, enabling an attacker to authenticate with an arbitrary passcode. The vendor notes that this is not considered an attack of interest within their threat model, specifically excluding Android devices on which rooting has occurred.
Recommendations
For version 98.2.2, consider disabling the Passcode feature until a patch is available to prevent authentication bypass via runtime manipulation.
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Com.Dropbox.Android