SecurityAdvisory 2015-04-14
The source code contains a logical flaw related to user PIN aka PW1 verification that allows an attacker with local host privileges and/or physical proximity NFC to perform security operations without knowledge of the user’s PIN code...