← Back

CVE-2024-45833

nvd nist
Published: Sep 16, 2024Modified: Sep 23, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

Mattermost Mobile Apps versions <=2.18.0 fail to disable autocomplete during login while typing the password and visible password is selected, which allows the password to get saved in the dictionary when the user has Swiftkey as the default keyboard, the masking is off and the password contains a special character..

Affected (1)

Mattermost
1 product
Mattermost Mobile
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Mattermost Mobile
Before 2.19.0

Related CWEs

CWE-693
Protection Mechanism Failure
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

References (1)

Source: responsibledisclosure@mattermost.com
Vendor Advisory

Timeline

No history available yet.