VulnerAlert



ANDROID
27-10-2025 14:01

CVE-2025-61482 Documented vulnerability

No score
Tags
#android
#improper
#attackers
#bypass
#root
#privacy
#pass
#password
#allow
#attack
#access
Description
Improper handling of OTP/TOTP/HOTP values in NetKnights GmbH privacyIDEA Authenticator v.4.3.0 on Android allows local attackers with root access to bypass two-factor authentication. By hooking into the app's crypto routines and intercepting decryption paths, an attacker can recover plaintext secrets, enabling generation of valid one-time passwords and bypassing authentication for enrolled accounts.
https://github.com/ReversecLabs/android-keystore-audit/blob/master/frida-scripts/tracer-cipher.js
https://svarthatt.se/cve/cve-2025-61482-pulling-otp-secrets-from-privacyidea-authenticator/
Reference
CVE-2025-61482

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-61482
Similar results
Matching at least 50% of the tags
27-10-2025 CVE-2025-12080
On Wear OS devices, when Google Messages is configured as the default SMS/MMS/RCS application, ...
20-10-2025 CVE-2022-20350
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to trick th...
This project was co-funded by the Consejo Nacional de Ciencia y Tecnología (CONACYT) through PROINNOVA 2021/2023