The 1Password application 6.8 for Android is affected by a Denial Of Service vulnerability. By starting the activity com.agilebits.onepassword.filling.openyolo.OpenYoloDeleteActivity or com.agilebits.onepassword.filling.openyolo.OpenYoloRetrieveActivity from an external application (since they are exported), it is possible to crash the 1Password instance.
References
Link | Resource |
---|---|
https://app-updates.agilebits.com/product_history/OPA4 | Vendor Advisory |
https://www.exploit-db.com/exploits/46165/ | Third Party Advisory VDB Entry |
https://www.valbrux.it/blog/2019/01/22/cve-2018-13042-1password-android-7-0-denial-of-service/ |
Configurations
History
No history.
Information
Published : 2018-10-05 21:29
Updated : 2024-02-28 16:48
NVD link : CVE-2018-13042
Mitre link : CVE-2018-13042
CVE.ORG link : CVE-2018-13042
JSON object : View
Products Affected
1password
- 1password
CWE
CWE-20
Improper Input Validation