CVE-2020-35138
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded encryption key, used to encrypt the submission of username/password details during the authentication process, as demonstrated by Mobile@Work (aka com.mobileiron). The key is in the com/mobileiron/common/utils/C4928m.java file. NOTE: It has been asserted that there is no causality or connection between credential encryption and the MiTM attack
** EN DISPUTA ** Los agentes de MobileIron hasta el 2021-03-22 para Android e iOS contienen una clave de cifrado codificada, utilizada para cifrar el envío de los detalles de nombre de usuario/contraseña durante el proceso de autenticación, tal y como demuestra Mobile@Work (también conocido como com.mobileiron). La clave se encuentra en el archivo com/mobileiron/common/utils/C4928m.java. NOTA: Se ha afirmado que no existe ninguna causalidad o conexión entre el cifrado de credenciales y el ataque MiTM
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-12-11 CVE Reserved
- 2021-03-29 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-11-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-798: Use of Hard-coded Credentials
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
https://play.google.com/store/apps/details?id=com.mobileiron&hl=en_US&gl=US | Product | |
https://www.ivanti.com/blog/a-warranted-response-to-inaccurate-optiv-research | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Mobileiron Search vendor "Mobileiron" | Mobile\@work Search vendor "Mobileiron" for product "Mobile\@work" | <= 2021-03-22 Search vendor "Mobileiron" for product "Mobile\@work" and version " <= 2021-03-22" | android |
Affected
| ||||||
Mobileiron Search vendor "Mobileiron" | Mobile\@work Search vendor "Mobileiron" for product "Mobile\@work" | <= 2021-03-22 Search vendor "Mobileiron" for product "Mobile\@work" and version " <= 2021-03-22" | iphone_os |
Affected
|