Biometric Authentication Bypass

Owncloud Security Advisory

  • Risk: medium
  • CVSS v3 Base Score: 4.0
  • CVSS v3 Vector: AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/CR:X/IR:X/AR:X
  • CWE ID: 284
  • CWE Name: Improper Access Control
  • CVE: CVE-2024-26322

Description

Improper validation in the Biometric authentication process may allow an attacker to bypass that process and gain unauthorized access.This attack requires physical access to the vulnerable device.

Affected

  • ownCloud for Android (com.owncloud.android) < 4.2.0

Action taken

Upgrade ownCloud for Android to version 4.2.0 or above

READ MORE