Authentication Bypass Using an Alternate Path or Channel

CVE-2019-5453

Medium

6.1/10

Summary

Bypass lock protection in the Nextcloud Android app prior to version 3.3.0 allowed access to files when being prompted for the lock protection and switching to the Nextcloud file provider.

Attack Complexity: LOW
Attack Vector: PHYSICAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-288 - Authentication Bypass Using an Alternate Path or Channel

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

References

Advisory Timeline

Published Jul 30, 2019

Authentication Bypass Using an Alternate Path or Channel

CVE-2019-5453

Summary

CWE-288 - Authentication Bypass Using an Alternate Path or Channel

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS