According to the CVSS metric, Attack Vector is Local (AV:L). What does that mean for this vulnerability? An attacker would have to have local presence on the device through malware or a malicious application to be able to exploit this vulnerability. According to the CVSS metric, User Interaction is Required (UI:R). What interaction would the user have to do? The victim will have to close and re-open the Authenticator app for the attacker to exploit this vulnerability. According to the CVSS metric, Confidentiality and Integrity impact are High and Availability is None (C:H, I:H, A:N). What does that mean for this vulnerability? Exploitation of this vulnerability could allow an attacker to gain access to multi-factor authentication codes for the victim's accounts, as well as modify or delete accounts in the authenticator app but not prevent the app from launching or running.
Anonymous, alirez, Anonymous