// For flags

CVE-2018-12446

 

Severity Score

3.6
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred

** EN DISPUTA ** Se ha descubierto un problema en la versión 98.2.2 de la aplicación com.dropbox.android para Android. La funcionalidad Passcode permite la omisión de autenticación mediante la manipulación en tiempo de ejecución que fuerza el valor de retorno de cierto método a ser "true". En otras palabras, un atacante podría autenticarse con una contraseña arbitraria. NOTA: el fabricante indica que este no es un ataque de interés en el contexto de su modelo de amenazas, que excluye a los dispositivos Android rooteados.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2018-06-15 CVE Reserved
  • 2018-06-20 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-287: Improper Authentication
CAPEC
References (1)
URL Tag Source
https://gist.github.com/tanprathan/97b4c04ec6af4da62929e73214fddd1b Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Dropbox
Search vendor "Dropbox"
 Dropbox
Search vendor "Dropbox" for product "Dropbox"
 98.2.2
Search vendor "Dropbox" for product "Dropbox" and version "98.2.2"
android
Affected