1.4.14

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

rcdevs

NVD

Published: 2021-11-10

Updated: 2024-11-21

Summary

An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 for iOS. If it is installed on a jailbroken device, it is possible to retrieve the PIN code used to access the application. The IOS app version 1.4.1631262629 resolves this issue by storing a hash PIN code.

Vulnerable Configurations

Part	Description	Count
Application	Rcdevs Rcdevs Openotp Token 1.4.13 Rcdevs Openotp Token 1.4.14	2

References

https://excellium-services.com/cve-2021-42111/
https://excellium-services.com/cve-2021-42111/