JVNDB-2025-001605

"RoboForm Password Manager" App for Android vulnerable to authentication bypass using an alternate path or channel

Overview

"RoboForm Password Manager" App for Android provided by Siber Systems, Inc. is vulnerable to authentication bypass using an alternate path or channel (CWE-288).

Johan Francsics reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
CVSS Severity

CVSS V3 Severity:
Base Metrics 5.2 (Medium) [Other]
  • Attack Vector: Physical
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: Low
  • Availability Impact: None
Affected Products


Siber Systems Inc.
  • RoboForm Password Manager for Android versions prior to 9.7.4

Impact

An attacker with access to a device where the application is installed may bypass the lock screen and obtain sensitive information.
Solution

[Update the Application]
Update the application to the latest version according to the information provided by the developer.
Vendor Information

Siber Systems Inc.
CWE

  1. Authentication Bypass Using an Alternate Path or Channel (CWE-288) [Other]
CVE

  1. CVE-2025-26700
References

  1. JVN : JVNVU#92071645
Revision History

  • [2025/02/20]
      Web page was published