Amazon Echo Information Disclosure Vulnerability

The Amazon Echo is a smart speaker device from the American company Amazon Amazon. A security vulnerability exists in the reprompt feature in versions of Amazon Echo prior to 2018-04-27. An attacker could exploit the vulnerability to obtain recorded user voice...

Design/Logic Flaw

DISPUTED Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill. The reprompt feature is designed so that if Alexa does not receive an input within 8 seconds, the device can speak a reprompt, then wait an additional 8 seconds for input; if the us...

CVE-2018-11567

Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill. The reprompt feature is designed so that if Alexa does not receive an input within 8 seconds, the device can speak a reprompt, then wait an additional 8 seconds for input; if the user still...

CVE-2018-11567

The CVE concerns Amazon Echo devices where the reprompt feature can be misused by a malicious Alexa skill. Affected component: reprompt handling within Echo devices (prior to 2018-04-27). Root cause: empty output-speech reprompts, wildcard input slots, and logging of detected speech enable an att...

CVE-2018-11567

Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill. The reprompt feature is designed so that if Alexa does not receive an input within 8 seconds, the device can speak a reprompt, then wait an additional 8 seconds for input; if the user still...