Field | 28/03/2022 22h37 | 27/12/2022 14h33 | 27/12/2022 14h34 |
---|---|---|---|
vendor | Mirmay | Mirmay | Mirmay |
name | Secure Private Browser / File Manager | Secure Private Browser / File Manager | Secure Private Browser / File Manager |
version | <=2.5 | <=2.5 | <=2.5 |
platform | iPad | iPad | iPad |
component | Auto Lock | Auto Lock | Auto Lock |
discoverydate | 1504137600 | 1504137600 | 1504137600 |
vendorinformdate | 1504137600 | 1504137600 | 1504137600 |
risk | 1 | 1 | 1 |
historic | 0 | 0 | 0 |
cvss2_vuldb_basescore | 1.7 | 1.7 | 1.7 |
cvss2_vuldb_tempscore | 1.6 | 1.6 | 1.6 |
cvss2_vuldb_av | L | L | L |
cvss2_vuldb_ac | L | L | L |
cvss2_vuldb_au | S | S | S |
cvss2_vuldb_ci | P | P | P |
cvss2_vuldb_ii | N | N | N |
cvss2_vuldb_ai | N | N | N |
cvss3_meta_basescore | 3.3 | 3.3 | 3.0 |
cvss3_meta_tempscore | 3.3 | 3.3 | 3.0 |
cvss3_vuldb_basescore | 3.3 | 3.3 | 3.3 |
cvss3_vuldb_tempscore | 3.3 | 3.3 | 3.3 |
developer_mail | maru@****.** | maru@****.** | maru@****.** |
cvss3_vuldb_av | L | L | L |
cvss3_vuldb_ac | L | L | L |
cvss3_vuldb_pr | L | L | L |
cvss3_vuldb_ui | N | N | N |
cvss3_vuldb_s | U | U | U |
cvss3_vuldb_c | L | L | L |
cvss3_vuldb_i | N | N | N |
cvss3_vuldb_a | N | N | N |
advisoryquote | However, there is an indication that the app doesn’t correctly follow the sequence of actions at this specific point. When the video minimizes and the app opens again, LocalAuthentication should be used to close the video or display an overlay before the initial authentication. Only then should the modal dialog box for authentication be displayed. | However, there is an indication that the app doesn’t correctly follow the sequence of actions at this specific point. When the video minimizes and the app opens again, LocalAuthentication should be used to close the video or display an overlay before the initial authentication. Only then should the modal dialog box for authentication be displayed. | However, there is an indication that the app doesn’t correctly follow the sequence of actions at this specific point. When the video minimizes and the app opens again, LocalAuthentication should be used to close the video or display an overlay before the initial authentication. Only then should the modal dialog box for authentication be displayed. |
date | 1517443200 (01/02/2018) | 1517443200 (01/02/2018) | 1517443200 (01/02/2018) |
location | Youtube | Youtube | Youtube |
type | Video | Video | Video |
url | https://www.scip.ch/en/?labs.20180201 | https://www.scip.ch/en/?labs.20180201 | https://www.scip.ch/en/?labs.20180201 |
identifier | Labs 20180201 | Labs 20180201 | Labs 20180201 |
coordination | 1 | 1 | 1 |
person_name | Marc Ruef | Marc Ruef | Marc Ruef |
person_mail | maru@****.** | maru@****.** | maru@****.** |
person_website | http://www.computec.ch/mruef/ | http://www.computec.ch/mruef/ | http://www.computec.ch/mruef/ |
company_name | scip AG | scip AG | scip AG |
disputed | 0 | 0 | 0 |
availability | 1 | 1 | 1 |
date | 1517443200 (01/02/2018) | 1517443200 (01/02/2018) | 1517443200 (01/02/2018) |
publicity | 1 | 1 | 1 |
url | https://youtu.be/cd6nbos-BI0 | https://youtu.be/cd6nbos-BI0 | https://youtu.be/cd6nbos-BI0 |
developer_name | Marc Ruef | Marc Ruef | Marc Ruef |
developer_website | http://www.computec.ch/mruef/ | http://www.computec.ch/mruef/ | http://www.computec.ch/mruef/ |
language | Video | Video | Video |
price_0day | $0-$5k | $0-$5k | $0-$5k |
advisoryquote | A few criteria must be met for this vulnerability to occur and be exploited. Basically, a certain degree of incorrect use is required. Still, it is possible to inadvertently create this situation and thus nullify the core security function of the app. | A few criteria must be met for this vulnerability to occur and be exploited. Basically, a certain degree of incorrect use is required. Still, it is possible to inadvertently create this situation and thus nullify the core security function of the app. | A few criteria must be met for this vulnerability to occur and be exploited. Basically, a certain degree of incorrect use is required. Still, it is possible to inadvertently create this situation and thus nullify the core security function of the app. |
videolink | https://youtu.be/cd6nbos-BI0 | https://youtu.be/cd6nbos-BI0 | https://youtu.be/cd6nbos-BI0 |
cvss2_vuldb_e | F | F | F |
cvss2_vuldb_rl | U | U | U |
cvss2_vuldb_rc | C | C | C |
cvss3_vuldb_e | F | F | F |
cvss3_vuldb_rl | U | U | U |
cvss3_vuldb_rc | C | C | C |
0day_days | 1 | 1 | 1 |
falsepositive | 0 | 0 | 0 |
cwe | 287 (Weak authentication) | 287 (Weak authentication) | 287 (Weak authentication) |
cve | CVE-2018-25030 | CVE-2018-25030 | CVE-2018-25030 |
cve_cna | VulDB | VulDB | VulDB |
responsible | VulDB | VulDB | VulDB |
name | Alternative | Alternative | Alternative |
cve_assigned | | 1643324400 (28/01/2022) | 1643324400 (28/01/2022) |
cve_nvd_summary | | A vulnerability classified as problematic has been found in Mirmay Secure Private Browser and File Manager up to 2.5. Affected is the Auto Lock. A race condition leads to a local authentication bypass. The exploit has been disclosed to the public and may be used. | A vulnerability classified as problematic has been found in Mirmay Secure Private Browser and File Manager up to 2.5. Affected is the Auto Lock. A race condition leads to a local authentication bypass. The exploit has been disclosed to the public and may be used. |
cvss3_nvd_av | | | L |
cvss3_nvd_ac | | | H |
cvss3_nvd_pr | | | L |
cvss3_nvd_ui | | | N |
cvss3_nvd_s | | | U |
cvss3_nvd_c | | | L |
cvss3_nvd_i | | | N |
cvss3_nvd_a | | | N |
cvss2_nvd_av | | | L |
cvss2_nvd_ac | | | M |
cvss2_nvd_au | | | N |
cvss2_nvd_ci | | | P |
cvss2_nvd_ii | | | N |
cvss2_nvd_ai | | | N |
cvss3_cna_av | | | L |
cvss3_cna_ac | | | L |
cvss3_cna_pr | | | L |
cvss3_cna_ui | | | N |
cvss3_cna_s | | | U |
cvss3_cna_c | | | L |
cvss3_cna_i | | | N |
cvss3_cna_a | | | N |
cvss2_nvd_basescore | | | 1.9 |
cvss3_nvd_basescore | | | 2.5 |
cvss3_cna_basescore | | | 3.3 |