Bypassing App Lock (Pattern/Passcode/Fingerprint lock | Android) (oC-SA-2020-003)

Platform: Mobile Clients

Versions:

Date: 8/3/2020

  • Risk: low
  • CVSS v3 Base Score: 3.9
  • CVSS v3 Vector: AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
  • CWE ID: CWE-312
  • CWE Name: Cleartext Storage of Sensitive Information

Description

An attacker with physical access to the device can create a backup of the ownCloud Android app via adb and thereby gain access to the app preferences file.
The file contained settings related to the app lock feature, such as the pincode/pattern and whether the respective lock is active. An attacker could change these values and restore the backup to the device, which allows the attacker to circumvent the lock.

Affected

– ownCloud Android App version < 2.15

Action taken

Disallowed backup of app data.
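
A build-time check for this mitigation, as an added example that is not ownCloud's code. It assumes backup is disabled through the standard `android:allowBackup` manifest attribute (the advisory does not name the mechanism) and that the manifest is available as decoded text XML; the sample manifests and the function name `backup_allowed` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample manifests (decoded text XML, not the binary form inside an APK).
MANIFEST_NO_ATTR = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
  <application android:label="Example"/>
</manifest>"""

MANIFEST_DISALLOWED = MANIFEST_NO_ATTR.replace(
    'android:label="Example"',
    'android:label="Example" android:allowBackup="false"')


def backup_allowed(manifest_xml):
    """Return (allowed, reason) for a decoded AndroidManifest.xml string."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if app is None:
        raise ValueError("manifest has no <application> element")
    value = app.get(f"{{{ANDROID_NS}}}allowBackup")
    if value is None:
        # The platform default for allowBackup is true, so a missing
        # attribute leaves the app's data eligible for backup.
        return True, "allowBackup not set (defaults to true)"
    normalized = value.strip().lower()
    if normalized == "false":
        return False, "allowBackup explicitly false"
    if normalized == "true":
        return True, "allowBackup explicitly true"
    # A resource reference (e.g. @bool/...) cannot be resolved from the
    # manifest alone, so fail closed and report it as allowed.
    return True, f"allowBackup is {value!r}; unresolved, treated as allowed"


if __name__ == "__main__":
    samples = [("no attribute", MANIFEST_NO_ATTR),
               ("disallowed", MANIFEST_DISALLOWED)]
    for name, xml in samples:
        print(name, backup_allowed(xml))
```

Run as a CI gate, a result of `True` should fail the build for any app that keeps lock state or other secrets in its preferences file.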
