10Mar
CVE-2024-2365 | Musicshelf 1.0/1.1 on Android SHA-1 PinningTrustManager.java weak password hash
A vulnerability classified as problematic was found in Musicshelf 1.0/1.1 on Android. Affected by this vulnerability is an unknown functionality of the file io\fabric\sdk\android\services\network\PinningTrustManager.java of the component SHA-1 Handler. The manipulation leads to password hash with insufficient computational effort. This vulnerability is known as CVE-2024-2365. It is possible to launch the attack on the physical device. Furthermore, there is an exploit available.