Main Vulnerability Database SB2020041428

SB2020041428 - Improper Authentication in Microsoft YourPhone Application for Android

Published: April 14, 2020

Security Bulletin ID SB2020041428

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Authentication (CVE-ID: CVE-2020-0943)

The vulnerability allows a local attacker to bypass authentication process.

The vulnerability exists in Microsoft YourPhoneCompanion application for Android, in the way the application processes notifications generated by work profiles. An attacker with physical access to the device can bypass authentication process and view notifications.

Remediation

Install update from vendor's website.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0943