NewPass before 1.2.0 stores passwords (rather than password hashes) directly, which makes it easier to obtain unauthorized access to sensitive information. NOTE: in each case, data at rest is encrypted, but is decrypted within process memory during use.
{ "vanir_signatures": [ { "id": "CVE-2024-39846-0cd3b115", "signature_type": "Line", "digest": { "line_hashes": [ "132229337887815065856227273830457668728", "17151883512358137046462535688897835623", "289117615773041765479522415286840472347", "250915306001770762165565683291190777877", "296342352386063629303546487951113429088", "339719551376655750402215628033799849993", "72579781656984476817151793317766329902", "89011785020648711671980589120223641824", "22269106884187958201544110557317861164", "247789483686116378433439328042407288631", "13178718116290079307999949552517751852", "56163405887195968070037531925837252200", "126629710956304530211606447021770393782", "185000755837964503743904067372020389849", "329586636320656191453833818737479123775", "132997048435102247554729354544066200078", "304141159309479020608386676805873610779", "294131843559486596983850529374941802834", "116590619568419455525789748673301017795", "118194026958897193031475099007386480259", "71661179111686935415572363779748708687", "47029693029033295115922212417074059661", "229091174952368091367673548749940910391" ], "threshold": 0.9 }, "target": { "file": "app/src/main/java/com/gero/newpass/view/activities/LoginActivity.java" }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/6eero/newpass/commit/13f0a844d64927450fa751deb7cc06beba699720" }, { "id": "CVE-2024-39846-2442bf7d", "signature_type": "Line", "digest": { "line_hashes": [ "111376424034665128735850916253479674283", "276971237721654397595544672220941707838", "233503304053525306952323697254538073444", "175745559041751265150206311524047359814", "73208199448301527029459989704879509207", "141437077779487457985065992618684811813", "34060294516782953427623042318113129885", "317322633062901502557741829394183273873", "16190961001666518732665872265747622930", "241613398039012201232776503929381043487", "280162935488038461885247290123795144163", "252992610837661763024369004613673558435", "268143136973426179113408158674546121257", "17953863010315582496922639268921441700", "334476094814724249108067920385955751472", "6454753101262110726784973748128539731", "296012212542219762276308491112105479276", "144326052863564074185424651279413373538" ], "threshold": 0.9 }, "target": { "file": "app/src/main/java/com/gero/newpass/viewmodel/LoginViewModel.java" }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/6eero/newpass/commit/13f0a844d64927450fa751deb7cc06beba699720" }, { "id": "CVE-2024-39846-4e2d5065", "signature_type": "Function", "digest": { "function_hash": "127394075954944404709278222221608419657", "length": 517.0 }, "target": { "file": "app/src/main/java/com/gero/newpass/viewmodel/LoginViewModel.java", "function": "createUser" }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/6eero/newpass/commit/13f0a844d64927450fa751deb7cc06beba699720" }, { "id": "CVE-2024-39846-4f7f6781", "signature_type": "Function", "digest": { "function_hash": "129197270343008822997803079992745795122", "length": 517.0 }, "target": { "file": "app/src/main/java/com/gero/newpass/view/activities/LoginActivity.java", "function": "loginWithPassword" }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/6eero/newpass/commit/13f0a844d64927450fa751deb7cc06beba699720" }, { "id": "CVE-2024-39846-582ee1cf", "signature_type": "Function", "digest": { "function_hash": "309390461381615369521833506487008938118", "length": 321.0 }, "target": { "file": "app/src/main/java/com/gero/newpass/view/activities/LoginActivity.java", "function": "registerUser" }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/6eero/newpass/commit/13f0a844d64927450fa751deb7cc06beba699720" }, { "id": "CVE-2024-39846-dcd308c3", "signature_type": "Function", "digest": { "function_hash": "124411811890504184429047939920313117799", "length": 426.0 }, "target": { "file": "app/src/main/java/com/gero/newpass/viewmodel/LoginViewModel.java", "function": "loginUserWithPassword" }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/6eero/newpass/commit/13f0a844d64927450fa751deb7cc06beba699720" } ] }