Description
Improper access control vulnerability in Samsung Pass prior to version 4.0.06.7 allow physical attackers to access data of Samsung Pass on a certain state of an unlocked device using pop-up view.
CVSS breakdown
CVSS 3.1
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Affected products
- Samsung Mobile / Samsung Passunspecified – 4.0.06.7