PT-2023-21402 · SAP · SAP Authenticator for Android

Published: 2023-03-14 · Updated: 2023-04-11 · CVE-2023-27895

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SAP Authenticator for Android version 1.3.0

Description

The issue allows an authorized attacker to capture the screen if a malicious app is installed on the mobile device. This could lead to the extraction of the currently viewed OTP and the secret OTP alphanumeric token during token setup. On successful exploitation, an attacker can read some sensitive information but cannot modify or delete the data.

Recommendations

For SAP Authenticator for Android version 1.3.0, consider restricting access to sensitive information until a patch is available. As a temporary workaround, avoid using the app for token setup until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2023-27895

Affected Products

SAP Authenticator for Android