Improper Authentication in Samsung Pass Affects User Security
CVE-2023-42575

5.4MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Pass
Vendor: CVE Published:; 5 December 2023

What is CVE-2023-42575?

An improper authentication vulnerability in Samsung Pass allows physical attackers to bypass security measures due to an invalid flag setting in versions prior to 4.3.00.17. This flaw poses a significant risk to user data as unauthorized individuals may gain access to sensitive information. Users are advised to update their Samsung Pass to the latest version to mitigate this vulnerability.

Affected Version(s)

Samsung Pass 4.3.00.17

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 5, 2023
Vulnerability Reserved
Sep 11, 2023