CVE-2020-8988

The Voatz application 2020-01-01 for Android allows only 100 million different PINs, which makes it easier for attackers (after using root access to make a copy of the local database) to discover login credentials and voting history via an offline brute-force approach.
Configurations

Configuration 1

cpe:2.3:a:voatz:voatz:2020-01-01:*:*:*:*:android:*:*

History

21 Nov 2024, 05:39

| Type | Values Removed | Values Added |
| --- | --- | --- |
| References | https://blog.voatz.com/?p=1209 - Vendor Advisory | https://blog.voatz.com/?p=1209 - Vendor Advisory |
| References | https://internetpolicy.mit.edu/wp-content/uploads/2020/02/SecurityAnalysisOfVoatz_Public.pdf - Third Party Advisory | https://internetpolicy.mit.edu/wp-content/uploads/2020/02/SecurityAnalysisOfVoatz_Public.pdf - Third Party Advisory |

Information

Published : 2020-02-13 21:15

Updated : 2024-11-21 05:39


NVD link : CVE-2020-8988

Mitre link : CVE-2020-8988

CVE.ORG link : CVE-2020-8988



Products Affected

voatz

  • voatz
CWE
CWE-330

Use of Insufficiently Random Values

CWE-521

Weak Password Requirements