SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a malicious app on the mobile device. The attacker could extract the currently views of the OTP and the secret OTP alphanumeric token during the token setup. On successful exploitation, an attacker can read some sensitive information but cannot modify and delete the data.
References
Link | Resource |
---|---|
https://launchpad.support.sap.com/#/notes/3302710 | Permissions Required |
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: sap
Published: 2023-03-14T05:08:09.049Z
Updated: 2023-04-11T20:19:44.189Z
Reserved: 2023-03-07T07:53:14.886Z
Link: CVE-2023-27895
JSON object: View
NVD Information
Status : Modified
Published: 2023-03-14T06:15:12.553
Modified: 2023-04-11T04:16:06.767
Link: CVE-2023-27895
JSON object: View
Redhat Information
No data.
CWE