CVE Vulnerabilities

CVE-2023-0035

Improper Authentication

Published: Jan 09, 2023 | Modified: Nov 21, 2024
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an SA relay attack.Local attackers can bypass authentication and attack other SAs with high privilege.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Openharmony Openatom 3.0 (including) 3.0.5 (including)

Potential Mitigations

References