CVE-2021-25466Improper Authentication in Mobile Samsung Internet

CWE-287Improper Authentication3 documents3 sources
Severity
5.9MEDIUMNVD
CNA6.5
EPSS
0.2%
top 53.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile Samsung InternetSamsung Internet
Timeline
PublishedSep 9
Latest updateMay 24

Description

Improper scheme check vulnerability in Samsung Internet prior to version 15.0.2.47 allows attackers to perform Man-in-the-middle attack and obtain Samsung Account token.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

NVDsamsung/internet< 15.0.2.47
CVEListV5samsung_mobile/samsung_internet-15.0.2.47

🔴Vulnerability Details

2
GHSA
GHSA-hwr5-xvv8-wh2p: Improper scheme check vulnerability in Samsung Internet prior to version 152022-05-24
CVEList
CVE-2021-25466: Improper scheme check vulnerability in Samsung Internet prior to version 152021-09-09
CVE-2021-25466 — Improper Authentication | cvebase