4.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
32.1%
Session 1.13.0 allows an attacker with physical access to the victim’s device to bypass the application’s password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation.
fluidattacks.com/advisories/tempest/
github.com/oxen-io/session-android
github.com/oxen-io/session-android/pull/897