Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2018-13042

Description

The 1Password application 6.8 for Android is affected by a Denial Of Service vulnerability. By starting the activity com.agilebits.onepassword.filling.openyolo.OpenYoloDeleteActivity or com.agilebits.onepassword.filling.openyolo.OpenYoloRetrieveActivity from an external application (since they are exported), it is possible to crash the 1Password instance.

POC

Reference

- https://www.exploit-db.com/exploits/46165/

- https://www.valbrux.it/blog/2019/01/22/cve-2018-13042-1password-android-7-0-denial-of-service/

Github

No PoCs found on GitHub currently.