Vulnerability identifier: #VU33682
Vulnerability risk: Low
Exploitation vector: Local
Exploit availability: No
The vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists within the app lock feature such as the pincode/pattern due to creating a backup of the ownCloud Android app via adb provides access to the app preferences file. An authenticated attacker with physical access can change the values, restore the backup to the device and circumvent the lock.
Install updates from vendor's website.
Vulnerable software versions
ownCloud Android App: All versions
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?