PT-2018-11179 · Dropbox · Com.Dropbox.Android
Boonpoj Thongakaraniroj +1 · Published 2018-06-20 · Updated 2024-08-05 · CVE-2018-12446
CVSS v3.1: 3.6 (Low)
| Vector | AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
com.dropbox.android version 98.2.2
Description
An issue in the Passcode feature allows authentication bypass via runtime manipulation: forcing a certain method's return value to true enables an attacker to authenticate with an arbitrary passcode. The vendor notes that this is not considered an attack of interest within their threat model, which specifically excludes Android devices on which rooting has occurred.
Recommendations
For version 98.2.2, consider disabling the Passcode feature until a patch is available to prevent authentication bypass via runtime manipulation.
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Com.Dropbox.Android