Lucene search

MitreCVE-2021-3179

HistoryDec 16, 2021 - 8:15 p.m.

CVE-2021-3179

2021-12-1620:15:07

CWE-522

mitre

web.nvd.nist.gov

cve-2021-3179

gglocker

ios application

insecure data storage

password hash

authentication bypass

nvd

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

17.2%

JSON

GGLocker iOS application, contains an insecure data storage of the password hash value which results in an authentication bypass.

Affected configurations

Nvd

Node

gglocker_projectgglockerMatch-iphone_os

VendorProductVersionCPE
gglocker_projectgglocker-cpe:2.3:a:gglocker_project:gglocker:-:*:*:*:*:iphone_os:*:*

Vendor	Product	Version	CPE
gglocker_project	gglocker	-	cpe:2.3:a:gglocker_project:gglocker:-:::::iphone_os::

References

apps.apple.com/us/app/gglocker/id1449241376#?platform=iphone

github.com/ggreco/gglocker/blob/master/gglocker/LoginCheck.m

medium.com/%40ksteo11/yet-another-password-manager-app-how-to-better-secure-it-8e9df2ce35c8

Social References

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

17.2%

JSON

Related for CVE-2021-3179