CVE-2021-3179

low-risk
Published 2021-12-16

GGLocker iOS application, contains an insecure data storage of the password hash value which results in an authentication bypass.

Do I need to act?

-
0.07% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Gglocker

Affected Vendors

Gglocker Project

References (6)

Product https://apps.apple.com/us/app/gglocker/id1449241376#?platform=iphone
Third Party Advisory https://github.com/ggreco/gglocker/blob/master/gglocker/LoginCheck.m
https://medium.com/%40ksteo11/yet-another-password-manager-app-how-to-better-sec...
Product https://apps.apple.com/us/app/gglocker/id1449241376#?platform=iphone
Third Party Advisory https://github.com/ggreco/gglocker/blob/master/gglocker/LoginCheck.m
https://medium.com/%40ksteo11/yet-another-password-manager-app-how-to-better-sec...
23
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal