PT-2019-18110 · Abine+1 · Abine Blur+1

Tyler Schroder

Published

2019-03-29

Updated

2021-07-21

CVE-2019-6481

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Abine Blur version 7.8.2431

Description The issue allows remote attackers to conduct Second-Factor Auth Bypass attacks. This is achieved by performing a right-click operation to access a forgotten dev menu, which enables the insertion of user passwords that would otherwise require a second-factor request in a mobile app. The issue is related to a Multifactor Auth Bypass and Full Disk Encryption Bypass problem affecting the Chrome Plugin component.

Recommendations For Abine Blur version 7.8.2431, consider disabling the affected Chrome Plugin component until a patch is available to prevent potential Second-Factor Auth Bypass attacks.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2019-6481

Affected Products

Abine Blur

Chrome Plugin

PT-2019-18110 · Abine+1 · Abine Blur+1

CVE-2019-6481

Weakness Enumeration

Related Identifiers

Affected Products

References · 6