CVE-2020-8988

MEDIUM

Voatz app <2020-01-01 - Info Disclosure

Title source: llm

Description

The Voatz application 2020-01-01 for Android allows only 100 million different PINs, which makes it easier for attackers (after using root access to make a copy of the local database) to discover login credentials and voting history via an offline brute-force approach.

References (2)

[Third Party Advisory] https://internetpolicy.mit.edu/wp-content/uploads/2020/02/SecurityAnalysisOfVoatz_Public.pdf

[Vendor Advisory] https://blog.voatz.com/?p=1209

Scores

CVSS v3 5.9

EPSS 0.0034

EPSS Percentile 56.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-521 CWE-330

Status published

Products (1)

voatz/voatz 2020-01-01

Published Feb 13, 2020

Tracked Since Feb 18, 2026