PT-2020-11801 · Google · Android

Published: 2020-12-01 · Updated: 2021-07-21 · CVE-2020-0460

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Android version 11

Description

A logic error in the createNameCredentialDialog function of CertInstaller.java could lead to improperly installed certificates, resulting in remote information disclosure without requiring additional execution privileges. User interaction is not necessary for exploitation.

Recommendations

For Android version 11, consider restricting the installation of certificates until a patch is available to prevent potential remote information disclosure. As a temporary workaround, avoid using the createNameCredentialDialog function in CertInstaller.java until the issue is resolved.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

ASB-A-163413737
CVE-2020-0460

Affected Products

Android