Element Android PIN autologout bypass

Impact

Element Android up to version 1.6.32 can, under certain circumstances, fail to logout the user if they input the wrong PIN more than the configured amount of times. An attacker with physical access to a device can exploit this to guess the PIN.

Patches

Version 1.6.34 solves the issue.

For more information

If you have any questions or comments about this advisory, please email us at security at element.io.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Element Android PIN autologout bypass

Package

Affected versions

Patched versions

Description

Impact

Patches

For more information

Severity

CVSS overall score

CVSS v3 base metrics

CVSS v3 base metrics

CVE ID

Weaknesses