Issue #1359
closed
Device lock bypass - CVE-2013-6271
90%
Description
Replicant is affected by the following vulnerability: https://www.cvedetails.com/cve/CVE-2013-6271
More information: http://blog.curesec.com/article/blog/CVE-2013-6271-Remove-Device-Locks-from-Android-Phone-26.html
You can test it for yourself with the following adb command:
adb shell am start -n com.android.settings/com.android.settings.ChooseLockGeneric --ez confirm_credentials false --ei lockscreen.password_type 0 --activity-clear-task
Your device lock should now be removed.
The upstream patch is here: https://android.googlesource.com/platform/packages/apps/Settings/+/66026773bbf1d7631743a5b892a4f768c694f868%5E!/
The patch needed to be modified for compatibility with Replicant and the modified version is attached.
If you run the above command with the patch applied, you should now get prompted for your lock password/PIN etc., and the lock is not just removed.
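Added example, not part of the original report and not the upstream or Replicant patch code: a small Python model of the behaviour described above, parsing the reported `am start` line and comparing a handler that trusts the caller-supplied `confirm_credentials` extra with one that does not. The function names, the `caller_is_internal` flag and the hardened rule are assumptions made for illustration.

```python
import shlex

# The command from the report above, copied as-is.
REPORTED_CMD = (
    "adb shell am start -n com.android.settings/"
    "com.android.settings.ChooseLockGeneric --ez confirm_credentials false "
    "--ei lockscreen.password_type 0 --activity-clear-task"
)

def parse_am_start(cmd):
    """Extract the target component and typed extras from an `am start` line."""
    tokens = shlex.split(cmd)
    component, extras = None, {}
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "-n":
            component = tokens[i + 1]
            i += 2
        elif tok == "--ez":  # boolean extra
            extras[tokens[i + 1]] = tokens[i + 2].lower() == "true"
            i += 3
        elif tok == "--ei":  # integer extra
            extras[tokens[i + 1]] = int(tokens[i + 2])
            i += 3
        else:
            i += 1
    return component, extras

def must_confirm_vulnerable(extras, caller_is_internal):
    # Model of the flaw: the caller-supplied extra alone decides.
    return extras.get("confirm_credentials", True)

def must_confirm_hardened(extras, caller_is_internal):
    # Assumed rule: only a caller inside the Settings app may waive confirmation.
    if not caller_is_internal:
        return True
    return extras.get("confirm_credentials", True)

def handle(extras, caller_is_internal, must_confirm):
    """Return the modelled outcome of launching the lock chooser."""
    if must_confirm(extras, caller_is_internal):
        return "prompt for current lock credential"
    if extras.get("lockscreen.password_type") == 0:
        return "lock removed"  # outcome the report describes for type 0
    return "show lock type chooser"
```

With the reported extras and an external caller, the first handler returns "lock removed" and the second returns the credential prompt, matching the before and after behaviour described in the report.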
Files