Issue #1359

closed

Device lock bypass - CVE-2013-6271

Added by Wolfgang Wiedmeyer about 7 years ago. Updated over 3 years ago.

Status: Closed
Priority: High
Category: Security
Target version:
Start date: 09/28/2015
Due date:
% Done: 90%
Estimated time:
Resolution: wontfix
Device:
Grant:
Type of work:

Description

Replicant is affected by the following vulnerability: https://www.cvedetails.com/cve/CVE-2013-6271
More information: http://blog.curesec.com/article/blog/CVE-2013-6271-Remove-Device-Locks-from-Android-Phone-26.html

You can test it for yourself with the following adb command:
adb shell am start -n com.android.settings/com.android.settings.ChooseLockGeneric --ez confirm_credentials false --ei lockscreen.password_type 0 --activity-clear-task
Your device lock should now be removed.

The upstream patch is here: https://android.googlesource.com/platform/packages/apps/Settings/+/66026773bbf1d7631743a5b892a4f768c694f868%5E!/
The patch needed to be modified for compatibility with Replicant and the modified version is attached.
If you run the above command with the patch applied, you should now get prompted for your lock password/PIN etc. and the lock is not just removed.

