LOW🇵🇱 Wersja polska

CVE-2018-12446

CVSS 3.6v3.0pub. 2018-06-20upd. 2024-11-21

An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred

CVSS Vector
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
  • Dropbox

    APP
    Dropbox
    98.2.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2019-12171HIGH7.8ten sam produkt

Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in the Dropbox desktop application 71.4.108.0 store...

CVE-2018-12271MEDIUM6.4ten sam produkt

An issue was discovered in the com.getdropbox.Dropbox app 100.2 for iOS. The LAContext class for Biometric (To...

CVE-2010-3354MEDIUM6.9ten sam produkt

dropboxd in Dropbox 0.7.110 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local use...

CVE-2018-12445LOW3.1ten sam produkt

An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The FingerprintManager clas...

CVE-2024-25718CRITICAL9.8PL ✓ten sam vendor

Samly (Elixir): wygasłe sesje SAML nie są unieważniane — błąd kontroli dostępu