| عنوان | Freedom Factory dGEN1 phone 1 Broken Authorization |
|---|
| الوصف | A broken authorization vulnerability exists in the Android wallet application org.ethereumphone.walletmanager.testing123 on the Freedom Factory dGEN1 phone. An exported ContentProvider exposes user wallet balance data without enforcing read permissions or caller validation.
As a result, any unprivileged local application can enumerate a user’s token balances and, through blockchain cross-referencing, infer the user’s wallet address and on-chain holdings. |
|---|
| المصدر | ⚠️ https://gist.github.com/Lytes/0a270c1d6e65a7312147b5d128dd34b6 |
|---|
| المستخدم | Anonymous User |
|---|
| ارسال | 21/02/2026 06:07 AM (2 أشهر منذ) |
|---|
| الاعتدال | 06/03/2026 09:53 PM (14 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 349559 [Freedom Factory dGEN1 حتى 20260221 org.ethereumphone.walletmanager.testing123 TokenBalanceContentProvider تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|