Authentication flaw

2017-09-2022:29:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.4%

JSON

The Good for Enterprise application 3.0.0.415 for Android does not use signature protection for its Authentication Delegation API intent. Also, the Good Dynamic application activation process does not attempt to detect malicious activation attempts involving modified names beginning with a com.good.gdgma substring. Consequently, an attacker could obtain access to intranet data. This issue is only relevant in cases where the user has already downloaded a malicious Android application.

CPENameOperatorVersion
good_for_enterpriseeq3.0.0.415

CPE	Name	Operator	Version
	good_for_enterprise	eq	3.0.0.415

References

www.securityfocus.com/archive/1/536543

community.blackberry.com/community/blogs/blog/2015/10/02/what-you-need-to-know-modzero-insecure-application-coupling

www.modzero.ch/advisories/MZ-15-03-GOOD-Auth-Delegation.txt