Improper Authentication in Samsung Pass Affects User Security
CVE-2023-42576

5.4MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Pass
Vendor: CVE Published:; 5 December 2023

Summary

An improper authentication vulnerability exists in Samsung Pass versions prior to 4.3.00.17. This flaw allows physical attackers to bypass authentication protocols by exploiting an invalid exception handler. As a result, unauthorized individuals may gain access to sensitive user data. It is vital for users to update their applications to the latest version to mitigate this security risk.

Affected Version(s)

Samsung Pass 4.3.00.17

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 5, 2023
Vulnerability Reserved
Sep 11, 2023