Описание
OpenHarmony-v3.1.4 and prior versions had an vulnerability. PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 3.1 (включая) до 3.1.4 (включая)
cpe:2.3:a:openharmony:openharmony:*:*:*:*:*:*:*:*
EPSS
Процентиль: 9%
0.00033
Низкий
8.3 High
CVSS3
5.3 Medium
CVSS3
Дефекты
CWE-287
CWE-319
Связанные уязвимости
CVSS3: 5.3
github
около 3 лет назад
OpenHarmony-v3.1.4 and prior versions had an vulnerability. PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks.
EPSS
Процентиль: 9%
0.00033
Низкий
8.3 High
CVSS3
5.3 Medium
CVSS3
Дефекты
CWE-287
CWE-319