CVE-2024-45833

Mattermost Mobile Apps versions <=2.18.0 fail to disable autocomplete during login while typing the password and visible password is selected, which allows the password to get saved in the dictionary when the user has Swiftkey as the default keyboard, the masking is off and the password contains a special character..

CVSS v3 4.5 MEDIUM

4.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://mattermost.com/security-updates

Configurations

No configuration.

History

16 Sep 2024, 15:30

Type	Values Removed	Values Added
Summary		(es) Las versiones <=2.18.0 de Mattermost Mobile Apps no pueden deshabilitar el autocompletado durante el inicio de sesión al escribir la contraseña y se selecciona la contraseña visible, lo que permite que la contraseña se guarde en el diccionario cuando el usuario tiene Swiftkey como teclado predeterminado, el enmascaramiento está desactivado y la contraseña contiene un carácter especial.

16 Sep 2024, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-16 07:15

Updated : 2024-09-16 15:30

NVD link : CVE-2024-45833

Mitre link : CVE-2024-45833

CVE.ORG link : CVE-2024-45833

JSON object : View

Products Affected

No product.

CWE

CWE-693

Protection Mechanism Failure

4.5 /10