Improper Access Control in Samsung Pass Affects User Data Security
CVE-2023-30677

6.1MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Pass
Vendor: CVE Published:; 6 July 2023

Summary

Samsung Pass has been identified with an improper access control vulnerability that enables physical attackers to gain unauthorized access to sensitive user data on an unlocked device. This security flaw affects all versions prior to 4.2.03.1 and poses a significant risk to user privacy, especially in scenarios where devices are left unattended. It is crucial for users to update to the latest version to mitigate potential data exposure.

Affected Version(s)

Samsung Pass 4.2.03.1

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 6, 2023
Vulnerability Reserved
Apr 14, 2023