SB2020041428 - Improper Authentication in Microsoft YourPhone Application for Android
Published: April 14, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Improper Authentication (CVE-ID: CVE-2020-0943)
CWE-ID: CWE-287 - Improper Authentication
CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to bypass authentication process.
The vulnerability exists in Microsoft YourPhoneCompanion application for Android, in the way the application processes notifications generated by work profiles. An attacker with physical access to the device can bypass authentication process and view notifications.
Remediation
Install update from vendor's website.