File and Chat disclosure by calling the device while it's in locked state

Nextcloud bugbounty CVE-2021-41181
Talk app allows access to sensitive chat messages on lockscreen during a call

Summary

An attacker with physical access can gain access to the user's chat messages and files by calling the victim's phone while it is in the locked state.

This happens because the app did not properly detect the lockscreen state when a call was incoming.

Nextcloud was able to fix this by enabling the Keyguard on the Talk app.
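The general Android pattern behind this class of fix, as an added example that is not Nextcloud's code: the incoming-call screen may show over the lock screen, but moving from it to chat content is gated on the keyguard. `CallActivity`, `ChatActivity` and `openChat()` are hypothetical names; the `KeyguardManager` and `Activity` calls are standard Android APIs.

```kotlin
import android.app.Activity
import android.app.KeyguardManager
import android.content.Context
import android.content.Intent
import android.os.Build
import android.os.Bundle

// Hypothetical stand-in for the screen that shows messages and shared files.
// It never opts in to showing over the lock screen.
class ChatActivity : Activity()

// Hypothetical incoming-call screen; only this one may appear while locked.
class CallActivity : Activity() {

    private val keyguard by lazy {
        getSystemService(Context.KEYGUARD_SERVICE) as KeyguardManager
    }

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        // Let the call UI ring through on a locked device (API 27+).
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O_MR1) {
            setShowWhenLocked(true)
            setTurnScreenOn(true)
        }
    }

    // Wired to the in-call "open chat" control (hypothetical).
    fun openChat() {
        if (!keyguard.isKeyguardLocked) {
            startActivity(Intent(this, ChatActivity::class.java))
            return
        }
        // Older platforms have no dismiss request API: stay on the call screen.
        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.O) return
        // Locked: the system asks for PIN, pattern or biometric before chat opens.
        keyguard.requestDismissKeyguard(this, object : KeyguardManager.KeyguardDismissCallback() {
            override fun onDismissSucceeded() {
                startActivity(Intent(this@CallActivity, ChatActivity::class.java))
            }
            // onDismissCancelled / onDismissError keep their empty defaults,
            // so a failed or abandoned unlock leaves chat closed.
        })
    }
}
```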

References