CVE-2023-27895 Information

Description

SAP Authenticator for Android - version 1.3.0 allows the screen to be captured if an authorized attacker installs a malicious app on the mobile device. The attacker could extract the currently views of the OTP and the secret OTP alphanumeric token during the token setup. On successful exploitation an attacker can read some sensitive information but cannot modify and delete the data.

Reference

https://launchpad.support.sap.com/#/notes/3302710 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html