Products
Mattermost Mobile Apps
- <=2.18.0
Source
responsibledisclosure@mattermost.com
Tags
CVE-2024-45833 details
Published : Sept. 16, 2024, 7:15 a.m.
Last Modified : Sept. 16, 2024, 3:30 p.m.
Last Modified : Sept. 16, 2024, 3:30 p.m.
Description
Mattermost Mobile Apps versions <=2.18.0 fail to disable autocomplete during login while typing the password and visible password is selected, which allows the password to get saved in the dictionary when the user has Swiftkey as the default keyboard, the masking is off and the password contains a special character..
CVSS Score
| 1 | 2 | 3 | 4.5 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-693 | Protection Mechanism Failure | The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
Base Score
4.5
Exploitability Score
0.9
Impact Score
3.6
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
References
| URL | Source |
|---|---|
| https://mattermost.com/security-updates | responsibledisclosure@mattermost.com |
This website uses the NVD API, but is not approved or certified by it.