CVE-2022-1955
N/A
N/A
Summary
Session 1.13.0 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Session | 1.13.0 | affected |
Weaknesses
- Improper Access Control
ADP Enrichment
CVE Program Container
Additional References
- https://fluidattacks.com/advisories/tempest/
- https://github.com/oxen-io/session-android/pull/897
- https://github.com/oxen-io/session-android
References
- https://fluidattacks.com/advisories/tempest/
- https://github.com/oxen-io/session-android/pull/897
- https://github.com/oxen-io/session-android
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.