CVE - CVE-2021-41094

CVE-ID
CVE-2021-41094	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Wire is an open source secure messenger. Users of Wire by Bund may bypass the mandatory encryption at rest feature by simply disabling their device passcode. Upon launching, the app will attempt to enable encryption at rest by generating encryption keys via the Secure Enclave, however it will fail silently if no device passcode is set. The user has no indication that encryption at rest is not active since the feature is hidden to them. This issue has been resolved in version 3.70
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:https://github.com/wireapp/wire-ios/security/advisories/GHSA-h4m7-pr8h-j7rf URL:https://github.com/wireapp/wire-ios/security/advisories/GHSA-h4m7-pr8h-j7rf MISC:https://github.com/wireapp/wire-ios/commit/5ba3eb180efc3fc795d095f9c84ae7f109b84746 URL:https://github.com/wireapp/wire-ios/commit/5ba3eb180efc3fc795d095f9c84ae7f109b84746
Assigning CNA
GitHub (maintainer security advisories)
Date Record Created
20210915	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20210915)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)