Improper Authentication in Google Android - CVE-2018-21062

 

Improper Authentication in Google Android - CVE-2018-21062

Published: April 8, 2020 / Updated: August 8, 2020


Vulnerability identifier: #VU34490
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-21062
CWE-ID: CWE-287
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Google
Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. When biometric authentication is disabled, an attacker can view Streams content (e.g., a Gallery slideshow) of a locked Secure Folder via a connection to an external device. The Samsung ID is SVE-2018-11766 (August 2018).


How to mitigate CVE-2018-21062

Install update from vendor's website.

Sources