Vulnerability Details : CVE-2015-3860
Potential exploit
packages/Keyguard/res/layout/keyguard_password_view.xml in Lockscreen in Android 5.x before 5.1.1 LMY48M does not restrict the number of characters in the passwordEntry input field, which allows physically proximate attackers to bypass intended access restrictions via a long password that triggers a SystemUI crash, aka internal bug 22214934.
Published
2015-10-01 00:59:28
Updated
2015-10-01 18:08:05
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2015-3860
- cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-3860
0.15%: Probability of exploitation activity in the next 30 days
~ 52 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-3860
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
CWE ids for CVE-2015-3860
- The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-3860
- https://groups.google.com/forum/message/raw?msg=android-security-updates/1M7qbSvACjo/Y7jewiW1AwAJ
  (Vendor Advisory)
- https://android.googlesource.com/platform/frameworks/base/+/8fba7e6931245a17215e0e740e78b45f6b66d590
  8fba7e6931245a17215e0e740e78b45f6b66d590 - platform/frameworks/base - Git at Google (Vendor Advisory)
- https://code.google.com/p/android/issues/detail?id=178139
  Sign in - Google Accounts (Exploit)
- http://sites.utexas.edu/iso/2015/09/15/android-5-lockscreen-bypass/
  Android 5.x Lockscreen Bypass (CVE-2015-3860) – UT Austin Information Security Office (Exploit)