CVE-2019-6744

Summary

CVE	CVE-2019-6744
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2020-02-10 21:53:00 UTC
Updated	2020-10-19 19:42:00 UTC
Description	This vulnerability allows local attackers to disclose sensitive information on affected installations of Samsung Knox 1.2.02.39 on Samsung Galaxy S9 build G9600ZHS3ARL1 Secure Folder. An attacker must first obtain physical access to the device in order to exploit this vulnerability. The specific flaws exists within the the handling of the lock screen for Secure Folder. The issue results from the lack of proper validation that a user has correctly authenticated. An attacker can leverage this vulnerability to disclose the contents of the secure container. Was ZDI-CAN-7381.

Risk And Classification

Problem Types: CWE-287

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Samsung	Galaxy S9	-	All	All	All
Hardware	Samsung	Galaxy S9	-	All	All	All
Application	Samsung	Knox	1.2.02.39	All	All	All
Application	Samsung	Knox	1.2.02.39	All	All	All

References

Reference	Source	Link	Tags
ZDI-19-515 \| Zero Day Initiative	MISC	www.zerodayinitiative.com	Third Party Advisory, VDB Entry
Samsung Mobile Security	MISC	security.samsungmobile.com	Not Applicable
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.