Published: 2025/02/17 Last Updated: 2025/02/17
JVNVU#92071645
"RoboForm Password Manager" App for Android vulnerable to authentication bypass using an alternate path or channel
Overview
"RoboForm Password Manager" App for Android provided by Siber Systems, Inc. is vulnerable to authentication bypass using an alternate path or channel.
Products Affected
- "RoboForm Password Manager" App for Android versions prior to 9.7.4
Description
"RoboForm Password Manager" App for Android provided by Siber Systems, Inc. is vulnerable to authentication bypass using an alternate path or channel (CWE-288).
Impact
An attacker with access to a device where the application is installed may bypass the lock screen and obtain sensitive information.
Solution
Update the Application
Update the application to the latest version according to the information provided by the developer.
Vendor Status
Vendor | Link |
Siber Systems, Inc. | RoboForm for Android Version News |
Vulnerability Analysis by JPCERT/CC
CVSS v3
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Base Score: 5.2
Metric | Possible values | | | |
---|---|---|---|---|
Attack Vector (AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
Attack Complexity (AC) | High (H) | Low (L) | | |
Privileges Required (PR) | High (H) | Low (L) | None (N) | |
User Interaction (UI) | Required (R) | None (N) | | |
Scope (S) | Unchanged (U) | Changed (C) | | |
Confidentiality Impact (C) | None (N) | Low (L) | High (H) | |
Integrity Impact (I) | None (N) | Low (L) | High (H) | |
Availability Impact (A) | None (N) | Low (L) | High (H) | |
Credit
Johan Francsics reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
Other Information
CVE | CVE-2025-26700 |