Access Control Flaw in Bitdefender Mobile Security Fingerprint Authentication
CVE-2024-31684

3.5LOW

Key Information:

Vendor: Bitdefender
Vendor: CVE Published:; 3 June 2024

🔔 Create Bitdefender Vulnerability Alert

What is CVE-2024-31684?

An access control vulnerability exists in the fingerprint authentication mechanism of Bitdefender Mobile Security v4.11.3-gms. This flaw allows attackers to bypass the fingerprint authentication process, potentially compromising user data. The issue arises from the use of a deprecated API, which fails to enforce proper access restrictions. Users of the affected version are urged to review security practices and apply necessary updates to mitigate risks associated with this vulnerability.

References

https://play.google.com/store/apps/details?id=com.choiceo...

https://zzzxiin.github.io/post/choice-of-love/

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 3, 2024