CVE-2016-10398

MEDIUM

Google Android - Access Control

Title source: rule

Description

Android 6.0 has an authentication bypass for attackers with root and physical access. Cryptographic authentication tokens (AuthTokens) used by the Trusted Execution Environment (TEE) are protected by a weak challenge. This allows adversaries to replay previously captured responses and use the TEE without authenticating. All apps using authentication-gated cryptography are vulnerable to this attack, which was confirmed on the LG Nexus 5X.

References (1)

[Technical Description, Third Party Advisory] https://homepages.staff.os3.nl/~delaat/rp/2015-2016/p30/report.pdf

Scores

CVSS v3 6.2

EPSS 0.0001

EPSS Percentile 2.6%

Attack Vector PHYSICAL

CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-264

Status published

Products (2)

google/android

n/a/n/a

Published Jul 17, 2017

Tracked Since Feb 18, 2026