CVE-2022-26629

9.1 CRITICAL

📋 TL;DR

This vulnerability allows attackers to bypass the lock screen security feature in SoroushPlus+ Messenger 1.0.30 due to insufficient access controls. It affects users of this specific version of the messenger app, potentially exposing private messages and data to unauthorized access.

💻 Affected Systems

Products:
  • SoroushPlus+ Messenger
Versions: 1.0.30
Operating Systems: Android, iOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only version 1.0.30 is confirmed affected; earlier or later versions may vary. The vulnerability stems from the app's lock screen feature implementation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker gains unauthorized access to the app, viewing or exfiltrating sensitive messages, contacts, and media, leading to privacy breaches or data theft.

🟠 Likely Case

Local attackers or malware bypass the lock screen to access the app's contents without user consent, compromising user privacy.

🟢 If Mitigated

With proper patching, the lock screen functions as intended, preventing unauthorized access and maintaining data confidentiality.

🌐 Internet-Facing: LOW, as this is a client-side app vulnerability requiring local access or malware to exploit, not directly exposed over the internet.
🏢 Internal Only: HIGH, as it can be exploited by anyone with physical or malware-based access to the device, posing significant risk to internal user privacy.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires local access to the device; public proof-of-concept code is available, making it easy for attackers to leverage.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 1.0.30 (check app updates for latest)

Vendor Advisory: No official vendor advisory found; rely on community sources like GitHub.

Restart Required: Yes

Instructions:

1. Open the app store (Google Play or Apple App Store).
2. Search for SoroushPlus+ Messenger.
3. If an update is available, install it.
4. Restart the app to apply the fix.

🔧 Temporary Workarounds

Disable Lock Screen Feature

all

Temporarily turn off the lock screen security in the app settings to remove the vulnerable component.

Open SoroushPlus+ Messenger > Settings > Security > Disable Lock Screen

🧯 If You Can't Patch

  • Uninstall SoroushPlus+ Messenger and switch to a secure alternative.
  • Enable device-level security measures like strong passwords or biometric locks to limit physical access.

🔍 How to Verify

Check if Vulnerable:

Check the app version in SoroushPlus+ Messenger settings; if it is 1.0.30, it is vulnerable.

Check Version:

In the app, go to Settings > About or App Info to view the version number.

Verify Fix Applied:

Update the app and confirm the version is no longer 1.0.30; test the lock screen feature to ensure it cannot be bypassed.

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to the app without lock screen prompts, or failed lock screen attempts that succeed unexpectedly.

Network Indicators:

  • None, as this is a local exploit without network activity.

SIEM Query:

Not applicable due to local nature; monitor device logs for app access anomalies if supported.
