QwikSec

Security Database

CVE

CWE

Training

CVE-2015-3860

Published: Oct 1, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

packages/Keyguard/res/layout/keyguard_password_view.xml in Lockscreen in Android 5.x before 5.1.1 LMY48M does not restrict the number of characters in the passwordEntry input field, which allows physically proximate attackers to bypass intended access restrictions via a long password that triggers a SystemUI crash, aka internal bug 22214934.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[android-security-updates] 20150909 Nexus Security Bulletin (September 2015)

mailing-list

x_refsource_MLIST

https://code.google.com/p/android/issues/detail?id=178139

x_refsource_CONFIRM

http://sites.utexas.edu/iso/2015/09/15/android-5-lockscreen-bypass/

x_refsource_MISC

https://android.googlesource.com/platform/frameworks/base/+/8fba7e6931245a17215e0e740e78b45f6b66d590

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.