PT-2018-6417 · Huawei · Hiwallet App
Published
2018-03-09
·
Updated
2019-10-03
·
CVE-2017-17149
CVSS v3.1
3.9
Low
| Vector | AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions:
Huawei HiWallet App versions prior to 8.0.4
Description:
The issue allows an attacker with root privilege to bypass Huawei ID verification during lock pattern change by performing a special operation. This can enable the attacker to change the lock pattern of HiWallet. The vulnerability exists because the app fails to properly verify the user's Huawei ID when changing the lock pattern.
Recommendations:
For versions prior to 8.0.4, update to version 8.0.4 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Hiwallet App