CVE-2025-61482

Name of the Vulnerable Software and Affected Versions privacyIDEA Authenticator version 4.3.0

Description A flaw exists in the handling of OTP/TOTP/HOTP values within the privacyIDEA Authenticator application on Android. A local attacker with root access can bypass two-factor authentication by intercepting decryption paths and recovering plaintext secrets. This allows the attacker to generate valid one-time passwords and gain access to enrolled accounts. The attack involves hooking into the application's cryptographic routines.

Recommendations Update to a newer version that contains a fix for this vulnerability.