AliasVault Android Passkey Validation Vulnerability Allowing Unauthorized Access

Vulnerability

A vulnerability in the AliasVault Android password manager, versions 0.24.0 through 0.25.2, allowed malicious apps to request passkeys for unauthorized sites. The issue arose from incomplete validation of app identity and origin in the Android credential provider, and could lead to unauthorized authentication if the user approved the request.

Impact

A malicious app could exploit the vulnerability to obtain passkeys for sites it is not authorized for, potentially leading to unauthorized access or authentication.

Remediation

Users are advised to update AliasVault for Android to version 0.25.3 or later. This update is available on the Google Play Store, F-Droid, and as a manual APK download from the AliasVault website.
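
For developers of Android credential providers, the kind of caller and origin check described under Vulnerability can be modeled as below. This is an added example, not AliasVault's code or its fix; the package names, fingerprints, domains and function names are constructed, and the domain comparison is simplified.

```python
from urllib.parse import urlsplit

# Constructed sample data, not taken from any real app or site.
# Privileged callers (browsers): package name -> signing-certificate fingerprint.
PRIVILEGED_CALLERS = {"org.example.browser": "AA:11"}
# Relying party ID -> (package, fingerprint) pairs its asset links vouch for.
LINKED_APPS = {"shop.example": {("com.example.shop", "BB:22")}}


def rp_id_valid_for_origin(rp_id, origin):
    """True if origin is https and its host equals rp_id or is a subdomain of it.

    Simplified: a full check also rejects public suffixes such as "com".
    """
    parts = urlsplit(origin)
    host = (parts.hostname or "").lower()
    rp_id = rp_id.lower()
    return parts.scheme == "https" and (host == rp_id or host.endswith("." + rp_id))


def authorize(package, cert, rp_id, claimed_origin=None):
    """Decide whether a passkey request may be shown to the user.

    package/cert identify the calling app as reported by the OS;
    claimed_origin is set only when the caller acts for a website.
    """
    if claimed_origin is not None:
        # Trust a caller-supplied origin only from an allowlisted browser
        # whose signing certificate matches, never on package name alone.
        if PRIVILEGED_CALLERS.get(package) != cert:
            return False, "origin supplied by non-privileged caller"
        if not rp_id_valid_for_origin(rp_id, claimed_origin):
            return False, "rpId not valid for origin"
        return True, "privileged caller, origin matches rpId"
    # Native app: the relying party must have linked this package and cert.
    if (package, cert) not in LINKED_APPS.get(rp_id.lower(), set()):
        return False, "app not linked to rpId"
    return True, "app linked to rpId"
```

The request is refused before any user prompt when either check fails, so user approval is never the only barrier.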

Added: Jan 14, 2026, 5:31 PM
Updated: Jan 14, 2026, 5:31 PM

Vulnerability Rating

Custom Algorithm

Spread: 0.0
Impact: 2.5
Exploitability: 3.5
Remediation: 0.0
Relevance: 2.1
Threat: 3.2
Urgency: 2.9
Incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.