Samsung KNOX 1.0 uses a weak eCryptFS Key generation algorithm, which makes it easier for local users to obtain sensitive information by leveraging knowledge of the TIMA key and a brute-force attack.
oryginał ENCVSS Vector
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NSamsung Knox
APPSamsung≤ 1.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Referencje
Powiązane podatności
CVE-2019-6744MEDIUM4.3ten sam produkt
This vulnerability allows local attackers to disclose sensitive information on affected installations of Samsu...
CVE-2016-1920MEDIUM5.5ten sam produkt
Samsung KNOX 1.0.0 uses the shared certificate on Android, which allows local users to conduct man-in-the-midd...
CVE-2016-3996MEDIUM5.5ten sam produkt
ClipboardDataMgr in Samsung KNOX 1.0.0 and 2.3.0 does not properly check the caller, which allows local users ...
CVE-2025-4632CRITICAL9.8⚠ KEVPL ✓ten sam vendor
Path Traversal w Samsung MagicINFO 9 Server — zapis plików jako SYSTEM
CVE-2026-28573CRITICAL10.0ten sam vendor
In AndroidManifest.xml, there is a possible persistent denial of service due to a missing permission check. Th...