CVE-2016-3917

Published: Oct 10, 2016Modified: May 6, 2026

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

The fingerprint login feature in Android 6.0.1 before 2016-10-01 and 7.0 before 2016-10-01 does not track the user account during the authentication process, which allows physically proximate attackers to authenticate as an arbitrary user by leveraging lockscreen access, aka internal bug 30744668.

Affected (2)

Products: Google: Android

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Google Android	Version 6.0.1
Google Android	Version 7.0

Related CWEs

References (6)

http://source.android.com/security/bulletin/2016-10-01.html

Source: security@android.com

Vendor Advisory

http://www.securityfocus.com/bid/93298

Source: security@android.com

https://android.googlesource.com/platform/frameworks/base/+/f5334952131afa835dd3f08601fb3bced7b781cd

Source: security@android.com

Issue TrackingPatch

http://source.android.com/security/bulletin/2016-10-01.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/93298

Source: af854a3a-2127-422b-91ae-364da2661108

https://android.googlesource.com/platform/frameworks/base/+/f5334952131afa835dd3f08601fb3bced7b781cd

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatch

Timeline

No history available yet.