Biometric Authentication Bypass

Apr 19, 2024

  • Risk: medium
  • CVSS v3 Base Score: 4.0
  • CVSS v3 Vector: AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/CR:X/IR:X/AR:X
  • CWE ID: 284
  • CWE Name: Improper Access Control
  • CVE: CVE-2024-26322

Description

Improper validation in the Biometric authentication process may allow an attacker to bypass that process and gain unauthorized access. This attack requires physical access to the vulnerable device.

Affected

  • ownCloud for Android (com.owncloud.android) < 4.2.0

Action taken

Upgrade ownCloud for Android to version 4.2.0 or above