7.2
CVSSv2

CVE-2015-3860

Published: 01/10/2015 Updated: 01/10/2015
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

packages/Keyguard/res/layout/keyguard_password_view.xml in Lockscreen in Android 5.x prior to 5.1.1 LMY48M does not restrict the number of characters in the passwordEntry input field, which allows physically proximate malicious users to bypass intended access restrictions via a long password that triggers a SystemUI crash, aka internal bug 22214934.

Vendor Advisories

We have released a security update to Nexus devices through an over-the-air (OTA) update as part of our Android Security Bulletin Monthly Release process (Build LMY48M) The updates for Nexus devices and source code patches for these issues have also been released to the Android Open Source Project (AOSP) source repository The most severe of these ...

Github Repositories

Android Security Resources.

所有收集类项目 Android Android安全资源收集,初版。600+工具,1500+文章 English Version 目录 资源收集 (11) Github Repo 知名分析工具 ClassyShark -> (3)工具 (7)文章 jeb -> (14)工具 (50)文章 enjarify -> (2)工具 (1)文章 androguard -> (5)工具 (14)文章 jadx -> (3)工具 (3)文章 jd-gui -&a

Recent Articles

Researchers make easy work of Android lockscreen security
welivesecurity • Karl Thomas • 16 Sep 2015

Security features on Android smartphones can easily be bypassed by cybercriminals, even if the device is protected by encryption, it has been revealed.
Researchers from the University of Texas at Austin discovered that as a result of the vulnerability in Android 5.x (CVE-2015-3860), attackers can circumvent Android lockscreen security and take control of the smartphone.
“By manipulating a sufficiently large string in the password field when the camera app is active an attacker is a...