Improper Authentication in Samsung Pass Affects User Security
CVE-2023-42576

5.4MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Pass
Vendor: CVE Published:; 5 December 2023

What is CVE-2023-42576?

An improper authentication vulnerability exists in Samsung Pass versions prior to 4.3.00.17. This flaw allows physical attackers to bypass authentication protocols by exploiting an invalid exception handler. As a result, unauthorized individuals may gain access to sensitive user data. It is vital for users to update their applications to the latest version to mitigate this security risk.

Affected Version(s)

Samsung Pass 4.3.00.17

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 5, 2023
Vulnerability Reserved
Sep 11, 2023