CVE-2024-2365 LOW

CVE-2024-2365: Musicshelf SHA-1 PinningTrustManager.java weak password hash

Vendor N/A

Product Musicshelf

Weakness CWE-916

Published March 10, 2024

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

1.6/10

Attack vector Physical

Attack complexity High

Privileges required High

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

Description

A vulnerability classified as problematic was found in Musicshelf 1.0/1.1 on Android. Affected by this vulnerability is an unknown functionality of the file io\fabric\sdk\android\services\network\PinningTrustManager.java of the component SHA-1 Handler. The manipulation leads to password hash with insufficient computational effort. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-256321 was assigned to this vulnerability.

Key dates

Disclosure timeline

March 10, 2024 CVE published

August 5, 2024 Record updated

Identifiers

CVE CVE-2024-2365

CWE CWE-916

CVSS 1.6 / LOW

Affected versions

Vendor N/A

Product Musicshelf

Affected 1.0

Vendor N/A

Product Musicshelf

Affected 1.1