Vulnerability Details : CVE-2023-5879
Users’ product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android Devices. This allows the attacker, with access to the android device, to potentially retrieve users' clear text authentication credentials.
Products affected by CVE-2023-5879
- cpe:2.3:a:geniecompany:aladdin_connect:*:*:*:*:*:android:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-5879
0.14%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 34 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-5879
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.8
|
MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
0.9
|
5.9
|
NIST | 2024-01-10 |
CWE ids for CVE-2023-5879
-
The product stores sensitive information without properly limiting read or write access by unauthorized actors.Assigned by:
- cve@rapid7.con (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2023-5879
-
https://www.rapid7.com/blog/post/2024/01/03/genie-aladdin-connect-retrofit-garage-door-opener-multiple-vulnerabilities/
Genie Aladdin Connect Retrofit Garage Door Opener: Multiple Vulnerabilities | Rapid7 BlogVendor Advisory
Jump to