CVE-2019-9465

MEDIUM

Android < 10.0 - Local Information Disclosure in Titan M Cryptographic Operations

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2019-9465. PoCs published by alexbakker, MichaelsPlayground.

AI-analyzed exploit summary This is a demo Android application demonstrating CVE-2019-9465, which involves a vulnerability in the Android Keystore system related to biometric authentication bypass. The PoC shows how encryption/decryption operations can be manipulated under specific conditions.

Description

In the Titan M handling of cryptographic operations, there is a possible information disclosure due to an unusual root cause. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-133258003

Exploits (2)

nomisec WORKING POC 9 stars
by alexbakker · poc
https://github.com/alexbakker/CVE-2019-9465

This is a demo Android application demonstrating CVE-2019-9465, which involves a vulnerability in the Android Keystore system related to biometric authentication bypass. The PoC shows how encryption/decryption operations can be manipulated under specific conditions.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Android Keystore system (versions affected by CVE-2019-9465)
No auth needed
Prerequisites: Android device with biometric authentication enabled · Access to the vulnerable application
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by MichaelsPlayground · poc
https://github.com/MichaelsPlayground/CVE-2019-9465

This is a demo Android application demonstrating CVE-2019-9465, which involves a vulnerability in the Android Keystore system related to biometric authentication bypass. The PoC shows how encryption/decryption operations can be manipulated under specific conditions.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Android Keystore system (specific versions affected by CVE-2019-9465)
No auth needed
Prerequisites: Android device with vulnerable Keystore implementation · Biometric authentication enabled
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 5.5
EPSS 0.0027
EPSS Percentile 18.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

Status published
Products (1)
google/android < 10.0
Published Jan 07, 2020
Tracked Since Feb 18, 2026