Published: 14/12/2013 Updated: 18/12/2013

CVSS v2 Base Score: 8.8 | Impact Score: 9.2 | Exploitability Score: 8.6

VMScore: 920

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:N

Android 4.0 up to and including 4.3 allows malicious users to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.android.settings.ChooseLockGeneric class with the PASSWORD_QUALITY_UNSPECIFIED option.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google android 4.2.1
google android 4.0
google android 4.2
google android 4.0.2
google android 4.0.3
google android 4.0.4
google android 4.1
google android 4.3
google android 4.2.2
google android 4.0.1
google android 4.1.2

Thought your Android phone was locked? THINK AGAIN

The Register • Richard Chirgwin • 10 Dec 2013

Another day, another vulnerability

Android has taken another step to cement its place behind Java in the world of repeatedly-vulnerable software, with German group Curesec discovering that an attacker can get past users' PINs to unlock the phone. In fact, the Curesec post states, the bug – present in Android 4.0 to 4.3 but not 4.4 – exposes any locking technique: PINs, passwords, gestures or facial recognition. “The bug exists on the 'com.android.settings. ChooseLockGeneric class'. This class is used to allow the user to mo...

CVE-2013-6271

Vulnerability Summary

Recent Articles

References

Vulmon Search

About

Products

Connect