- Risk: low
- CVSS v3 Base Score: 6.1
- CVSS v3 Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- CWE ID: CWE-15
- CWE Name: External Control of System or Configuration Setting
Description
Given an attacker has physical access to the device, a faulty timestamp check allowed to bypass the app lock by setting the system date to the past.
Affected
- ownCloud Android App version < 2.15
Action taken
Use elapsed time method which is recommended for interval timing. This method is independent of the system time.