[Nextcloud] Bypass the protection lock in andoid app ($200 USD)
Original Post:
We discussed this vulnerability during Episode 141 on 02 May 2022
Simple bypass of the (optional) password lock screen by force-killing the application a few times. The exact cause of this is unclear, I have seen something previously where it was a “feature” because the developers thought it was crashing on that point so disabled it to let the user continue to use the application. That doesn’t appear to be the case here thankfully but we don’t get a ton of information on the root cause. it is an interesting test case to keep in mind though, force killing applications can introduce some interesting bugs, often not with security consequences but still worth exploring.