PT-2024-31799 · Microsoft+1 · Swiftkey+1

Lolcabanon · Published 2024-09-15 · Updated 2024-09-23 · CVE-2024-45833

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Mattermost Mobile Apps versions <=2.18.0
Description: Mattermost Mobile Apps fail to disable autocomplete on the login password field when the visible password option is selected. If the user has Swiftkey as the default keyboard and the password contains a special character, the password can be saved in the dictionary. The issue occurs only when password masking is off.
Recommendations: Update Mattermost Mobile Apps to a version higher than 2.18.0 to resolve the issue. As a temporary workaround, consider disabling the autocomplete feature in the Swiftkey keyboard settings or avoiding the use of special characters in passwords until a patch is available. Restricting access to the login feature or using a different keyboard can also minimize the risk of exploitation.
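The condition in the description, shown as the props a login form passes to its password field. This is an added example, not Mattermost's code or its fix: it assumes a React Native TextInput, and the function names and the audit rules are hypothetical.

```javascript
// Added example. Assumes a React Native <TextInput>; the prop names are
// React Native's, the functions and rules below are hypothetical.

// Props matching the flaw as described: revealing the password only turns
// masking off, so the keyboard sees an ordinary text field.
function weakPasswordProps(visible) {
  return { secureTextEntry: !visible };
}

// Hardened props: suggestion hints stay off whether or not the password
// is masked.
function hardenedPasswordProps(visible, platform) {
  const props = {
    secureTextEntry: !visible,
    autoCorrect: false,     // ask the keyboard not to correct or suggest
    spellCheck: false,
    autoCapitalize: 'none',
  };
  // Android only: keep telling the keyboard that the revealed field is a
  // password. The keyboard is expected to honour this hint (assumption).
  if (visible && platform === 'android') {
    props.keyboardType = 'visible-password';
  }
  return props;
}

// Review check for the revealed state, the only state the advisory says
// is affected. Returns the reasons the field may feed keyboard learning.
function auditPasswordField(props, platform) {
  if (props.secureTextEntry) return []; // masked: condition not met
  const findings = [];
  if (props.autoCorrect !== false) {
    findings.push('autoCorrect is not disabled');
  }
  if (platform === 'android' && props.keyboardType !== 'visible-password') {
    findings.push('revealed password is not marked visible-password');
  }
  return findings;
}

for (const visible of [false, true]) {
  console.log('visible =', visible,
    'weak:', auditPasswordField(weakPasswordProps(visible), 'android'),
    'hardened:', auditPasswordField(hardenedPasswordProps(visible, 'android'), 'android'));
}
```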

Fix

Protection Mechanism Failure

Weakness Enumeration

Related Identifiers: CVE-2024-45833

Affected Products: Mattermost Mobile Apps, Swiftkey