CVE-2018-9840

MEDIUM

Open Whisper Signal <2.23.2 - Info Disclosure

Title source: llm
STIX 2.1

Description

The Open Whisper Signal app before 2.23.2 for iOS allows physically proximate attackers to bypass the screen locker feature via certain rapid sequences of actions that include app opening, clicking on cancel, and using the home button.

References (3)

Core 3
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/signalapp/Signal-iOS/commits/release/2.23.2
Broken Link, Third Party Advisory x_refsource_misc
http://nint.en.do/Signal-Bypass-Screen-locker.php

Scores

CVSS v3 6.8
EPSS 0.0043
EPSS Percentile 34.7%
Attack Vector PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (1)
signal/signal < 2.23.2
Published Apr 10, 2018
Tracked Since Feb 18, 2026