CVE-2022-25825Improper Authentication in Mobile Samsung Account

CWE-287Improper Authentication3 documents3 sources
Severity
5.5MEDIUMNVD
CNA6.2
EPSS
0.1%
top 82.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile Samsung AccountSamasung Account
Timeline
PublishedMar 10
Latest updateMar 11

Description

Improper access control vulnerability in Samsung Account prior to version 13.1.0.1 allows attackers to access to the authcode for sign-in.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5samsung_mobile/samsung_account-13.1.0.1
NVDsamasung/account< 13.1.0.1

🔴Vulnerability Details

2
GHSA
GHSA-pcrj-v2mw-j945: Improper access control vulnerability in Samsung Account prior to version 132022-03-11
CVEList
CVE-2022-25825: Improper access control vulnerability in Samsung Account prior to version 132022-03-08
CVE-2022-25825 — Improper Authentication | cvebase