CVE-2024-45833 MEDIUM

CVE-2024-45833: Mobile password gets saved in dictionary under conditions

Vendor Mattermost
Product Mattermost
Weakness CWE-693
Published September 16, 2024
Last update September 16, 2024

CVSS base score

4.5/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

Mattermost Mobile Apps versions <=2.18.0 fail to disable autocomplete on the login screen while the password is being typed with the visible password option selected. This allows the password to be saved in the keyboard dictionary when the user has SwiftKey as the default keyboard, masking is off, and the password contains a special character.

Key dates

02 Disclosure timeline

September 16, 2024 CVE published
September 16, 2024 Record updated