CVE-2020-8988

The Voatz application 2020-01-01 for Android allows only 100 million different PINs, which makes it easier for attackers (after using root access to make a copy of the local database) to discover login credentials and voting history via an offline brute-force approach.
Configurations

Configuration 1 (hide)

cpe:2.3:a:voatz:voatz:2020-01-01:*:*:*:*:android:*:*

History

No history.

Information

Published : 2020-02-13 21:15

Updated : 2024-02-28 17:28


NVD link : CVE-2020-8988

Mitre link : CVE-2020-8988

CVE.ORG link : CVE-2020-8988


JSON object : View

Products Affected

voatz

  • voatz
CWE
CWE-330

Use of Insufficiently Random Values

CWE-521

Weak Password Requirements