Vulnerability CVE-2022-23849


Published: 2022-03-03

Description:
The biometric lock in Devolutions Password Hub for iOS before 2021.3.4 allows attackers to access the application because of authentication bypass. An attacker must rapidly make failed biometric authentication attempts.

Type:

CWE-287

(Improper Authentication)

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.6/10
6.4/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Devolutions -> Password hub 

 References:
https://devolutions.net/security/advisories/DEVO-2022-0001
https://devolutions.net/security/advisories/

Copyright 2024, cxsecurity.com

 

Back to Top