An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495.
CPE | Name | Operator | Version |
---|---|---|---|
authenticator | le | 3.4 | |
intercept_x | lt | 9.7.3495 |