signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying oath tokens due to incorrect checks and the missing installation of the signon-apparmor-extension. An attacker could use this create a malicious click app that collects oauth tokens for other applications, exposing sensitive information.
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Signond | Signond_project | * | 8.57+15.04.20141127.1-0ubuntu1 (excluding) |
| Signon | Ubuntu | artful | * |
| Signon | Ubuntu | bionic | * |
| Signon | Ubuntu | cosmic | * |
| Signon | Ubuntu | devel | * |
| Signon | Ubuntu | disco | * |
| Signon | Ubuntu | trusty | * |
| Signon | Ubuntu | upstream | * |
| Signon | Ubuntu | utopic | * |
| Signon | Ubuntu | vivid | * |
| Signon | Ubuntu | vivid/stable-phone-overlay | * |
| Signon | Ubuntu | wily | * |
| Signon | Ubuntu | xenial | * |
| Signon | Ubuntu | yakkety | * |
| Signon | Ubuntu | zesty | * |