Two App Studio Journey Brute-Force and Runtime Manipulation Authentication Bypass Vulnerability

Vulnerability

A vulnerability in the local authentication component of Two App Studio Journey version 5.5.6 on iOS allows local attackers to bypass biometric and PIN-based access controls. This is achieved through repeated PIN attempts or dynamic code injection, exploiting insufficient protection against brute-force attacks and runtime manipulation.

Impact

Exploitation of this vulnerability allows local attackers to access sensitive data within the app, bypassing established authentication methods. This includes private content and key material, potentially leading to unauthorized access to personal entries and media stored in the journaling app.

Remediation

Users are advised to enforce retry limits, bind authentication to the iOS keychain, and store sensitive credentials within the Secure Enclave.
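The remediation above, sketched in Swift as an added example (not code from the app or its vendor): the content key is held in a keychain item whose access control is enforced by the OS, so there is no in-process authentication result to override, and wrong PIN attempts incur a growing delay. The service and account names, the five-attempt threshold and the delay schedule are assumptions made for illustration.

```swift
import Foundation
import LocalAuthentication
import Security

// Hypothetical identifiers for this example, not taken from the app.
let service = "example.journal.vault"
let account = "content-key"

enum VaultError: Error { case accessControl, keychain(OSStatus) }

func baseQuery() -> [String: Any] {
    [kSecClass as String: kSecClassGenericPassword,
     kSecAttrService as String: service,
     kSecAttrAccount as String: account]
}

// Store the key behind a biometric access-control policy. The item never
// syncs or migrates and is invalidated if the enrolled biometrics change.
func storeContentKey(_ key: Data) throws {
    var cfError: Unmanaged<CFError>?
    guard let acl = SecAccessControlCreateWithFlags(
        nil, kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
        .biometryCurrentSet, &cfError) else { throw VaultError.accessControl }
    SecItemDelete(baseQuery() as CFDictionary)  // replace any earlier item
    var add = baseQuery()
    add[kSecAttrAccessControl as String] = acl
    add[kSecValueData as String] = key
    let status = SecItemAdd(add as CFDictionary, nil)
    guard status == errSecSuccess else { throw VaultError.keychain(status) }
}

// Reading triggers the system prompt; the key is returned only when the
// policy is satisfied, instead of the app trusting a boolean result.
func loadContentKey(reason: String) throws -> Data {
    let context = LAContext()
    context.localizedReason = reason
    var query = baseQuery()
    query[kSecReturnData as String] = true
    query[kSecUseAuthenticationContext as String] = context
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    guard status == errSecSuccess, let key = item as? Data else { throw VaultError.keychain(status) }
    return key
}

// Retry limit for PIN entry (assumed schedule): no delay for the first five
// failures, then 1, 2, 4, ... minutes, capped at 24 hours.
func lockoutDelay(afterFailures failures: Int) -> TimeInterval {
    failures < 5 ? 0 : min(pow(2.0, Double(failures - 5)) * 60, 86_400)
}
```

The failure counter that feeds `lockoutDelay` should itself be persisted in the keychain rather than in app preferences, so that reinstalling the app or editing a preferences file does not reset it.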

Added: Jul 21, 2025, 11:18 AM
Updated: Jul 21, 2025, 11:18 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 3.3
remediation: 0.0
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.