Description
Mattermost Mobile Apps versions <=2.18.0 fail to disable autocomplete during login while the password is being typed with the visible-password option selected. This allows the password to be saved in the dictionary when the user has SwiftKey as the default keyboard, masking is off, and the password contains a special character.
References (1)
Core References
Vendor Advisory: https://mattermost.com/security-updates
Scores
CVSS v3: 4.5
EPSS: 0.0032
EPSS Percentile: 23.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-693
Status: published
Products (1)
mattermost/mattermost_mobile < 2.19.0
Published: Sep 16, 2024
Tracked Since: Feb 18, 2026