PT-2018-6417 · Huawei · Hiwallet App
Publicado
2018-03-09
·
Atualizado
2019-10-03
·
CVE-2017-17149
CVSS v3.1
3.9
Baixa
| Vetor | AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions:
Huawei HiWallet App versions prior to 8.0.4
Description:
The issue allows an attacker with root privilege to bypass Huawei ID verification during lock pattern change by performing a special operation. This can enable the attacker to change the lock pattern of HiWallet. The vulnerability exists because the app fails to properly verify the user's Huawei ID when changing the lock pattern.
Recommendations:
For versions prior to 8.0.4, update to version 8.0.4 or later to resolve the issue.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Hiwallet App