312 – Insecure service configuration - Signatures
Description
The application is signed with the V1 signing scheme, which exposes it to the Janus vulnerability in Android.
Impact
Prepend a malicious DEX file to an APK file without affecting its signature.
Recommendation
Securely configure the vulnerable service so that it can only be accessed by authorized users.
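One way to check a build for the condition in the Description is shown below; it is an added example, not part of the original entry or of any scanner's code. It assumes the standard APK layout, in which v2 and later signatures are stored in an APK Signing Block placed directly before the ZIP central directory, and its function names and sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

APK_SIG_MAGIC = b"APK Sig Block 42"  # last 16 bytes of an APK Signing Block (v2+)
EOCD_SIG = b"PK\x05\x06"             # ZIP End of Central Directory signature


def find_eocd(data: bytes) -> int:
    """Locate the EOCD by scanning backwards and checking the comment length."""
    for pos in range(len(data) - 22, max(-1, len(data) - 22 - 0xFFFF - 1), -1):
        if data[pos:pos + 4] == EOCD_SIG:
            (comment_len,) = struct.unpack_from("<H", data, pos + 20)
            if pos + 22 + comment_len == len(data):
                return pos
    raise ValueError("no ZIP End of Central Directory record found")


def signing_report(apk: bytes) -> dict:
    """Report which signature containers are present (presence only, no verification)."""
    (cd_offset,) = struct.unpack_from("<I", apk, find_eocd(apk) + 16)
    # The signing block, if any, sits immediately before the central directory.
    has_block = cd_offset >= 32 and apk[cd_offset - 16:cd_offset] == APK_SIG_MAGIC
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        names = [n.upper() for n in zf.namelist()]
    has_v1 = any(n.startswith("META-INF/") and n.endswith((".RSA", ".DSA", ".EC"))
                 for n in names)
    return {"v1_jar": has_v1, "signing_block": has_block, "v1_only": has_v1 and not has_block}


def build_sample(with_block: bool) -> bytes:
    """Constructed sample: a dummy, not validly signed, APK-shaped ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("META-INF/MANIFEST.MF", "META-INF/CERT.RSA", "classes.dex"):
            zf.writestr(name, b"constructed placeholder")
    data = bytearray(buf.getvalue())
    if with_block:
        eocd = find_eocd(bytes(data))
        (cd_offset,) = struct.unpack_from("<I", data, eocd + 16)
        block = struct.pack("<QQ", 24, 24) + APK_SIG_MAGIC  # empty block, no signers
        data[cd_offset:cd_offset] = block
        struct.pack_into("<I", data, eocd + len(block) + 16, cd_offset + len(block))
    return bytes(data)


if __name__ == "__main__":
    for flag in (False, True):
        print(flag, signing_report(build_sample(flag)))
```

A `v1_only` result of `True` is the finding this entry describes. The check only detects which containers are present; `apksigner verify --verbose` reports which schemes actually validate.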
Threat
Unauthorized attacker from the Internet.
Expected Remediation Time
Score 4.0
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
- Attack vector: N
- Attack complexity: H
- Attack Requirements: N
- Privileges required: N
- User interaction: P
- Confidentiality (VC): L
- Integrity (VI): N
- Availability (VA): N
- Confidentiality (SC): N
- Integrity (SI): N
- Availability (SA): N
Threat 4.0
- Exploit maturity: P