CVE-2020-35138

CVE-2020-35138 affects MobileIron agents for Android and iOS (up to 2021-03-22). The concrete issue is a hardcoded encryption key located in com/mobileiron/common/utils/C4928m.java, used to encrypt username/password submissions during authentication. Reported impact centers on credential handling...

CVE-2021-3391

CVE-2021-3391 affects MobileIron Mobile@Work up to 2021-03-22. The vulnerability enables an attacker to distinguish valid, disabled, and nonexistent user accounts by measuring the number of failed login attempts required to trigger a Lockout message, effectively enabling account enumeration. The ...

CVE-2020-35137

CVE-2020-35137 concerns MobileIron agents for Android and iOS (through 2021-03-22) that hardcode an API key in com/mobileiron/registration/RegisterActivity.java. This key is used to reach the SaaS discovery API via api/v1/gateway/customers/servers. The feature is opt-in and not enabled by default...

CVE-2014-5903

The CVE-2014-5903 entry describes a vulnerability in the Mobile@Work (com.mobileiron) Android app version 6.0.0.1.12R where the app does not verify X.509 certificates from SSL servers, enabling man-in-the-middle attackers to spoof servers and disclose sensitive information via a crafted certifica...