PT-2021-23537 · Rcdevs · Rcdevs Openotp

Valentin Giannini

Published

2021-11-10

Updated

2022-07-12

CVE-2021-42111

CVSS v3.1

5.5

Medium

Vector

AC:L/AV:L/A:N/C:H/I:N/PR:L/S:U/UI:N

Name of the Vulnerable Software and Affected Versions RCDevs OpenOTP app versions 1.4.13 through 1.4.14

Description An issue was discovered in the RCDevs OpenOTP app for iOS. If it is installed on a jailbroken device, it is possible to retrieve the PIN code used to access the application. The issue is resolved in version 1.4.1631262629, which stores a hash PIN code.

Recommendations For versions 1.4.13 and 1.4.14, update to version 1.4.1631262629 to resolve the issue by storing a hash PIN code.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2021-42111

Affected Products

Rcdevs Openotp

PT-2021-23537 · Rcdevs · Rcdevs Openotp

CVE-2021-42111

Related Identifiers

Affected Products

References · 6