Headline
CVE-2022-23849: DEVO-2022-0001
The biometric lock in Devolutions Password Hub for iOS before 2021.3.4 allows attackers to access the application because of authentication bypass. An attacker must rapidly make failed biometric authentication attempts.
Security & Compliance Advisories
Affected Products
Devolutions Password Hub for iOS 2021.3.3 and older
Change Log
Initial Publication - 2022-02-17
Product
Devolutions Password Hub for iOS
Summary
A vulnerability was fixed in Devolutions Password Hub for iOS where the FaceID application lock could be bypassed.
Bypassable biometric application lock (CVE-2022-23849)
Description
The biometric application lock can be bypassed by failing the authentication process in rapid succession.
Remediation and Workarounds
Users are advised to update to 2021.3.4.
Severity
Medium - CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
Devolutions Password Hub on iOS versions 2021.3.3 and older
Credits
Thanks to Sven Halm for reporting this issue.