Main Vulnerability Database Vulnerabilities #VU26865

Improper Authentication in Microsoft Your Phone Companion App for Android - CVE-2020-0943

Published: April 14, 2020

Vulnerability identifier: #VU26865

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-0943

CWE-ID: CWE-287

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
Microsoft Your Phone Companion App for Android

Detailed vulnerability description

The vulnerability allows a local attacker to bypass authentication process.

The vulnerability exists in Microsoft YourPhoneCompanion application for Android, in the way the application processes notifications generated by work profiles. An attacker with physical access to the device can bypass authentication process and view notifications.

How to mitigate CVE-2020-0943

Install updates from vendor's website.

Sources

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0943

Improper Authentication in Microsoft Your Phone Companion App for Android - CVE-2020-0943

Detailed vulnerability description

How to mitigate CVE-2020-0943

Sources

Please verify you're human