CVE-2024-31682

9.8 CRITICAL

📋 TL;DR

This vulnerability allows attackers to bypass fingerprint authentication in Phone Cleaner: Boost & Clean v2.2.0 due to incorrect access control in a deprecated API. Users of this specific version are affected, potentially allowing unauthorized access to app functionality.

💻 Affected Systems

Products:
  • Phone Cleaner: Boost & Clean
Versions: v2.2.0
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects devices using fingerprint authentication with this specific app version.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete bypass of fingerprint authentication allowing unauthorized access to sensitive app features and data.

🟠 Likely Case

Attackers with physical access to the device can bypass the fingerprint lock and access the app's cleaning/optimization features.

🟢 If Mitigated

If proper authentication controls were implemented, fingerprint authentication would function as intended.

🌐 Internet-Facing: LOW (requires physical access or local app interaction)
🏢 Internal Only: MEDIUM (affects local device security and app data protection)

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires physical access to the device or the ability to interact with the app locally.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Check the Google Play Store for app updates
2. If no update is available, consider alternative cleaning apps
3. Monitor vendor communications for a patch release

🔧 Temporary Workarounds

Disable fingerprint authentication (Android)

Remove fingerprint authentication for the Phone Cleaner app

Open Phone Cleaner app → Settings → Security → Disable fingerprint authentication

Uninstall vulnerable version (Android)

Remove the vulnerable app version from the device

Settings → Apps → Phone Cleaner → Uninstall

🧯 If You Can't Patch

  • Disable fingerprint authentication for the app in settings
  • Use alternative cleaning/optimization apps with proper security controls

🔍 How to Verify

Check if Vulnerable:

Check the app version in Settings → Apps → Phone Cleaner → App info

Check Version:

Not applicable - check via Android app settings

Verify Fix Applied:

Verify that the app version is updated beyond v2.2.0 or that fingerprint authentication is disabled

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed fingerprint attempts followed by successful authentication
  • Authentication bypass events in app logs

Network Indicators:

  • None - local vulnerability only

SIEM Query:

Not applicable for local app vulnerability
