The lockscreen on Elephone P9000 devices (running Android 6.0) allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess.
References
Link | Resource |
---|---|
https://www.reddit.com/r/netsec/comments/6kajkc/elephone_p9000_lock_screen_lockout_bypass_with/ | Press/Media Coverage Third Party Advisory |
https://www.security.nl/posting/522081/Schermvergrendeling+Elephone+P9000+door+lek+te+omzeilen | Third Party Advisory |
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2017-011/?fid=9707 | Third Party Advisory |
https://www.trustwave.com/Resources/SpiderLabs-Blog/Elephone-P9000-Lock-Screen-Lockout-Bypass/?page=1&year=0&month=0 | Third Party Advisory |
https://www.youtube.com/watch?v=dwyzonP2eZw | Press/Media Coverage Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
No history.
Information
Published : 2017-06-30 16:29
Updated : 2024-02-28 16:04
NVD link : CVE-2017-10709
Mitre link : CVE-2017-10709
CVE.ORG link : CVE-2017-10709
JSON object : View
Products Affected
- android
elephone
- p9000
CWE
CWE-287
Improper Authentication