Element Android PIN Autologout Bypass Vulnerability

Vulnerability

A vulnerability exists in Element Android, a Matrix client, in versions through 1.6.32. Under certain conditions, the application may fail to log out a user after multiple incorrect PIN entries. This flaw can be exploited by an attacker with physical access to the device to guess the PIN. The issue is resolved in version 1.6.34.

Impact

Exploitation of this vulnerability allows an attacker with physical access to the device to keep guessing the PIN beyond the configured attempt limit, potentially leading to unauthorized access.

Reproduction

To reproduce this vulnerability, enter an incorrect PIN repeatedly until the application's configured attempt limit is exceeded. Under the affected conditions, the application does not log the user out as expected, so the PIN screen remains available for further guessing attempts.
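The control that this advisory describes as failing is a PIN gate that must end the session once the wrong-attempt cap is reached. The following is an added illustration of that expected behaviour, not Element Android's code: the attempt limit (3), the storage class and the hashing choices are assumptions, and the guess sequence is constructed. The property worth asserting in a regression test is visible at the end: after the cap is hit, even the correct PIN no longer unlocks anything.

```python
import hashlib
import hmac
import os


MAX_ATTEMPTS = 3  # assumed configured limit; the advisory does not state Element's value


class AppStorage:
    """Constructed stand-in for the client's persistent storage."""

    def __init__(self):
        self.failed_attempts = 0
        self.session_active = True


class PinGate:
    """PIN check that must force a logout once the attempt cap is reached.

    The counter lives in AppStorage rather than on the screen object, so
    reopening the PIN screen or restarting the app does not hand the
    guesser a fresh batch of attempts.
    """

    def __init__(self, pin: str, storage: AppStorage, max_attempts: int = MAX_ATTEMPTS):
        self.storage = storage
        self.max_attempts = max_attempts
        self.salt = os.urandom(16)
        self.pin_hash = self._derive(pin)

    def _derive(self, pin: str) -> bytes:
        # Slow hash so an extracted store does not yield the PIN cheaply.
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt, 100_000)

    def attempts_remaining(self) -> int:
        return max(0, self.max_attempts - self.storage.failed_attempts)

    def unlock(self, candidate: str) -> str:
        """Returns 'ok', 'wrong' or 'logged_out'. Every outcome is decided here."""
        if not self.storage.session_active:
            # Session already ended: the PIN screen must not be usable at all.
            return "logged_out"
        if hmac.compare_digest(self._derive(candidate), self.pin_hash):
            self.storage.failed_attempts = 0
            return "ok"
        self.storage.failed_attempts += 1
        if self.storage.failed_attempts >= self.max_attempts:
            self.force_logout()
            return "logged_out"
        return "wrong"

    def force_logout(self) -> None:
        # Ending the session is the real control; the PIN is only a local gate.
        self.storage.session_active = False


def run_guess_sequence(pin: str, guesses, max_attempts: int = MAX_ATTEMPTS):
    """Feeds a list of guesses through a fresh gate and returns the outcomes."""
    gate = PinGate(pin, AppStorage(), max_attempts)
    return [gate.unlock(g) for g in guesses]


if __name__ == "__main__":
    # Constructed sequence: three wrong guesses, then the correct PIN.
    # Expected: ['wrong', 'wrong', 'logged_out', 'logged_out']
    print(run_guess_sequence("4821", ["0000", "1111", "2222", "4821"]))
```

The last outcome is the one a test should pin down: a gate that merely shows an error after the limit, or resets its counter when the screen is recreated, would return "ok" for the final guess and is exactly the weakness this advisory describes.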

Remediation

Users can update to Element Android version 1.6.34 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 4.3
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.