Skip to content

Instantly share code, notes, and snippets.

Prathan Phongthiproek tanprathan

View GitHub Profile
@tanprathan
tanprathan / CVE-2018-15543.txt
Last active Oct 28, 2018
Telegram CVE-2018-15543 Information
View CVE-2018-15543.txt
> [Description]
> ** DISPUTED ** An issue was discovered in the org.telegram.messenger
> application 4.8.11 for Android. The FingerprintManager class for
> Biometric validation allows authentication bypass through the callback
> method from onAuthenticationFailed to onAuthenticationSucceeded with
> null, because the fingerprint API in conjunction with the
> Android keyGenerator class is not implemented. In other words, an
> attacker could authenticate with an arbitrary fingerprint. NOTE: the
> vendor indicates that this is not an attack of interest within the
> context of their threat model, which excludes Android devices on which
@tanprathan
tanprathan / CVE-2018-15542.txt
Last active Oct 30, 2018
Telegram CVE-2018-15542 Information
View CVE-2018-15542.txt
> [Description]
> ** DISPUTED ** An issue was discovered in the org.telegram.messenger
> application 4.8.11 for Android. The Passcode feature allows
> authentication bypass via runtime manipulation that forces a certain
> method's return value to true. In other words, an attacker could
> authenticate with an arbitrary passcode. NOTE: the vendor indicates
> that this is not an attack of interest within the context of their
> threat model, which excludes Android devices on which rooting has
> occurred.
>
@tanprathan
tanprathan / CVE-2018-13446.txt
Created Aug 13, 2018
LINE CVE-2018-13446 Information
View CVE-2018-13446.txt
> [Description]
> ** DISPUTED ** An issue was discovered in the LINE jp.naver.line
> application 8.8.1 for Android. The Passcode feature allows
> authentication bypass via runtime manipulation that forces a
> certain method's return value to true. In other words, an attacker
> could authenticate with an arbitrary passcode. NOTE: the vendor
> indicates that this is not an attack of interest within the context
> of their threat model, which excludes Android devices on which
> rooting has occurred.
>
@tanprathan
tanprathan / CVE-2018-13435.txt
Last active Aug 13, 2018
LINE CVE-2018-13435 Information
View CVE-2018-13435.txt
> [Description]
> ** DISPUTED ** An issue was discovered in the LINE jp.naver.line application
> 8.8.0 for iOS. The Passcode feature allows authentication bypass via
> runtime manipulation that forces a certain method to disable passcode
> authentication. NOTE: the vendor indicates that this is not an attack
> of interest within the context of their threat model, which excludes
> iOS devices on which a jailbreak has occurred.
>
> ------------------------------------------
>
@tanprathan
tanprathan / CVE-2018-13434.txt
Created Aug 13, 2018
LINE CVE-2018-13434 Information
View CVE-2018-13434.txt
> [Ddescription]
> ** DISPUTED ** An issue was discovered in the LINE jp.naver.line application
> 8.8.0 for iOS. The LAContext class for Biometric (TouchID) validation
> allows authentication bypass by overriding the LAContext return Boolean
> value to be "true" because the kSecAccessControlUserPresence
> protection mechanism is not used. In other words, an attacker could
> authenticate with an arbitrary fingerprint. NOTE: the vendor indicates
> that this is not an attack of interest within the context of their
> threat model, which excludes iOS devices on which a jailbreak has
> occurred.
@tanprathan
tanprathan / CVE-2018-12446.txt
Last active Jun 20, 2018
Dropbox CVE-2018-12446 Information
View CVE-2018-12446.txt
> [Description]
> ** DISPUTED ** An issue was discovered in the com.dropbox.android
> application 98.2.2 for Android. The Passcode feature allows
> authentication bypass via runtime manipulation that forces a certain
> method's return value to true. In other words, an attacker could
> authenticate with an arbitrary passcode. NOTE: the vendor indicates
> that this is not an attack of interest within the context of their
> threat model, which excludes Android devices on which rooting has
> occurred.
>
@tanprathan
tanprathan / CVE-2018-12445.txt
Last active Jun 19, 2018
Dropbox CVE-2018-12445 Information
View CVE-2018-12445.txt
> [Description]
> ** DISPUTED ** An issue was discovered in the com.dropbox.android
> application 98.2.2 for Android. The FingerprintManager class for
> Biometric validation allows authentication bypass through the callback
> method from onAuthenticationFailed to onAuthenticationSucceeded with
> null, because the fingerprint API in conjunction with the Android
> keyGenerator class is not implemented. In other words, an attacker
> could authenticate with an arbitrary fingerprint. NOTE: the vendor
> indicates that this is not an attack of interest within the context of
> their threat model, which excludes Android devices on which rooting
@tanprathan
tanprathan / CVE-2018-12271.txt
Last active Jun 14, 2018
Dropbox CVE-2018-12271 Information
View CVE-2018-12271.txt
> [Description]
> ** DISPUTED ** An issue was discovered in the com.getdropbox.Dropbox
> app 100.2 for iOS. The LAContext class for Biometric (TouchID)
> validation allows authentication bypass by overriding the LAContext
> return Boolean value to be "true" because the
> kSecAccessControlUserPresence protection mechanism is not used. In
> other words, an attacker could authenticate with an arbitrary
> fingerprint. NOTE: the vendor indicates that this is not an attack of
> interest within the context of their threat model, which excludes
> iOS devices on which a jailbreak has occurred.
You can’t perform that action at this time.