Vulnerabilities > Samsung > Knox > 1.0

DATE CVE VULNERABILITY TITLE RISK
2017-01-27 CVE-2016-3996 Information Exposure vulnerability in Samsung Knox 1.0/2.3.0
ClipboardDataMgr in Samsung KNOX 1.0.0 and 2.3.0 does not properly check the caller, which allows local users to read KNOX clipboard data via a crafted application.
local
low complexity
samsung CWE-200
5.5
2017-01-27 CVE-2016-1920 Improper Access Control vulnerability in Samsung Knox 1.0
Samsung KNOX 1.0.0 uses the shared certificate on Android, which allows local users to conduct man-in-the-middle attacks as demonstrated by installing a certificate and running a VPN service.
local
low complexity
samsung CWE-284
5.5
2017-01-27 CVE-2016-1919 Information Exposure vulnerability in Samsung Knox 1.0
Samsung KNOX 1.0 uses a weak eCryptFS Key generation algorithm, which makes it easier for local users to obtain sensitive information by leveraging knowledge of the TIMA key and a brute-force attack.
local
high complexity
samsung CWE-200
4.7