Vulnerability: PIN/Password Removal in Android Lock Settings Service

Vulnerability: PIN/Password Removal in Android Lock Settings Service

CVE-2016-3908 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

The Lock Settings Service in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows attackers to remove a device's PIN or password, and consequently gain privileges, via a crafted application, aka internal bug 30003944.

Learn more about our Cis Benchmark Audit For Google Android.