Vendor: 1Password Android
By: Valerio Brussani
CVSS: 7.5 (HIGH)
Denial Of Service
CWE: 400
Product Name: 1Password Android
Affected Version From: 1Password < 7.0
Affected Version To: 1Password < 7.0
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Android
2018
1Password Android Denial Of Service Vulnerability
The 1Password application < 7.0 for Android is affected by a Denial Of Service vulnerability. By starting the activity com.agilebits.onepassword.filling.openyolo.OpenYoloDeleteActivity or com.agilebits.onepassword.filling.openyolo.OpenYoloRetrieveActivity from an external application (since they are exported), it is possible to crash the 1Password instance.

To invoke the exported activity and crash the app, it is possible to use Drozer:

run app.activity.start --component com.agilebits.onepassword com.agilebits.onepassword.filling.openyolo.OpenYoloDeleteActivity
Mitigation:
Upgrade to 1Password version 7.0 or later