CVE-2019-6481 Information

Description

Abine Blur 7.8.2431 allows remote attackers to conduct \Second-Factor Auth Bypass\ attacks by using the \Perform a right-click operation to access a forgotten dev menu to insert user passwords that otherwise would require the user to accept a second-factor request in a mobile app.\ approach related to a \Multifactor Auth Bypass Full Disk Encryption Bypass\ issue affecting the Affected Chrome Plugin component.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

http://packetstormsecurity.com/files/152139/Abine-Blur-7.8.24x-Authentication-Bypass.html http://seclists.org/fulldisclosure/2019/Mar/33 https://redcoded.com/cve/2018/03/10/CVE.html https://redcoded.com/cve/2019/03/18/CVE.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.5