CVE-2018-12446

LOW Year: 2018
CVSS v3 Score
3.6
Low
CVSS v2 Score
3.3
Low
Weakness Type
CWE-287
View all →

Vulnerability Description

An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred

Related Vulnerabilities

CVE-2017-1520

LOW
CVSS:3.7(Low)

IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830.

CWE-2872017

CVE-2018-16738

LOW
CVSS:3.7(Low)

tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. This is fixed in 1.1.

CWE-2872018

CVE-2019-5252

LOW
CVSS:3.5(Low)

There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Su...

CWE-2872019

CVE-2020-29668

LOW
CVSS:3.7(Low)

Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.

CWE-2872020

CVE-2021-20238

LOW
CVSS:3.7(Low)

It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint (port 22623)...

CWE-2872021

CVE-2021-36368

LOW
CVSS:3.7(Low)

An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to ...

CWE-2872021