Отправить #764705: Freedom Factory dGEN1 phone 1 Broken AuthorizationИнформация

Название	Freedom Factory dGEN1 phone 1 Broken Authorization
Описание	A broken authorization vulnerability exists in the Android wallet application org.ethereumphone.walletmanager.testing123 on the Freedom Factory dGEN1 phone. An exported ContentProvider exposes user wallet balance data without enforcing read permissions or caller validation. As a result, any unprivileged local application can enumerate a user’s token balances and, through blockchain cross-referencing, infer the user’s wallet address and on-chain holdings.
Источник	⚠️ https://gist.github.com/Lytes/0a270c1d6e65a7312147b5d128dd34b6
Пользователь	Anonymous User
Представление	21.02.2026 06:07 (2 месяцы назад)
Модерация	06.03.2026 21:53 (14 days later)
Статус	принято
Запись VulDB	349559 [Freedom Factory dGEN1 до 20260221 org.ethereumphone.walletmanager.testing123 TokenBalanceContentProvider эскалация привилегий]
Баллы	20

Do you know our Splunk app?

Download it now for free!