PT-2020-17292 · Logmein · Logmein Lastpass Password Manager

Published: 2020-12-12 · Updated: 2024-08-04 · CVE-2020-35207

CVSS v3.1: 5.7 Medium

Vector: AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

LogMeIn LastPass Password Manager version 4.8.11.2403

Description

An issue was discovered in the LogMeIn LastPass Password Manager app for iOS: the PIN authentication used to unlock the app can be bypassed by forcing the authentication result to true through runtime manipulation, which lets an attacker authenticate with an arbitrary PIN. The vendor has indicated that this is not an attack of interest within the context of their threat model, which excludes jailbroken devices.

Recommendations

For version 4.8.11.2403, as a temporary workaround, consider implementing additional security measures to prevent runtime manipulation, such as restricting access to sensitive data or using alternative authentication methods. No information is currently available about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2020-35207

Affected Products

Logmein Lastpass Password Manager