Improper Authentication in Samsung Pass by Samsung
CVE-2021-25505

3.3LOW

Key Information:

Vendor: Samsung
Status: Samsung Pass
Vendor: CVE Published:; 5 November 2021

What is CVE-2021-25505?

An improper authentication issue exists in Samsung Pass, allowing unauthorized usage of the app when the device's lockscreen is unlocked. Users may face security risks as this vulnerability permits access without appropriate authentication measures in place, potentially exposing sensitive information stored within the application.

Affected Version(s)

Samsung Pass - < 3.0.02.4

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

x_refsource_MISC

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 5, 2021
Vulnerability Reserved
Jan 19, 2021