Account
CVE-2021-25351
LOW
Severity by source
AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password.
AnalysisAI
Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-285. Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password. Affected products include: Samsung Account. Version information: version 10.7.0.7.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Microsoft Account has a cross-site scripting vulnerability allowing unauthenticated attackers to execute scripts in the
Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android
Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the access_tok
Exposure of Sensitive Information vulnerability in Samsung Account prior to version 13.2.00.6 allows attacker to access
Use of implicit intent for sensitive communication vulnerability in startTncActivity in Samsung Account prior to version
Use of implicit intent for sensitive communication vulnerability in startSignIn in Samsung Account prior to version 14.5
Use of implicit intent for sensitive communication vulnerability in startNameValidationActivity in Samsung Account prior
Use of implicit intent for sensitive communication vulnerability in startMandatoryCheckActivity in Samsung Account prior
Use of implicit intent for sensitive communication vulnerability in startEmailValidationActivity in Samsung Account prio
Use of implicit intent for sensitive communication vulnerability in startAgreeToDisclaimerActivity in Samsung Account pr
Improper Handling of Insufficient Privileges in Samsung Account prior to version 14.8.00.3 allows local attackers to acc
Improper access control vulnerability in Samsung Account prior to version 14.5.01.1 allows attackers to access sensitive
Same weakness CWE-285 – Improper Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today