DEVO-2022-0001

Affected Products

Devolutions Password Hub for iOS 2021.3.3 and older

Change Log

Initial Publication - 2022-02-17

Severity

Medium

Product

Devolutions Password Hub for iOS

Fix Version

2021.3.4

Summary

A vulnerability was fixed in Devolutions Password Hub for iOS where the FaceID application lock could be bypassed.

Bypassable biometric application lock (CVE-2022-23849)

Description

The biometric application lock can be bypassed by failing the authentication process in rapid succession.

Remediation and Workarounds

Users are advised to update to 2021.3.4.

Severity

Medium - CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Devolutions Password Hub on iOS versions 2021.3.3 and older

CVE(s)

CVE-2022-23849

Credits

Thanks to Sven Halm for reporting this issue.