The DoNotTrackMe - Mobile Privacy (aka com.abine.dnt) application 1.1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310
Products Affected
| Vendor | Product | Version |
|---|---|---|
| abine | donottrackme_-_mobile_privacy | 1.1.8 |
The Password Manager Extension in Abine Blur 7.8.242* before 7.8.2428 allows attackers to bypass the Multi-Factor Authentication and macOS disk-encryption protection mechanisms, and consequently exfiltrate secured data, because the right-click context menu is not secured.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287
Products Affected
| Vendor | Product | Version |
|---|---|---|
| abine | blur | 7.8.2424 |
Abine Blur 7.8.2431 allows remote attackers to conduct "Second-Factor Auth Bypass" attacks by using the "Perform a right-click operation to access a forgotten dev menu to insert user passwords that otherwise would require the user to accept a second-factor request in a mobile app." approach, related to a "Multifactor Auth Bypass, Full Disk Encryption Bypass" issue affecting the Affected Chrome Plugin component.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287
Products Affected
| Vendor | Product | Version |
|---|---|---|
| abine | blur | 7.8.2431 |