How severe is CVE-2021-41094?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2021-41094?

This is classified as CWE-668, which is a common weakness in software security.

CVE-2021-41094 - MEDIUM Severity | CVSS 4.6

Vulnerability Description

Wire is an open source secure messenger. Users of Wire by Bund may bypass the mandatory encryption at rest feature by simply disabling their device passcode. Upon launching, the app will attempt to enable encryption at rest by generating encryption keys via the Secure Enclave, however it will fail silently if no device passcode is set. The user has no indication that encryption at rest is not active since the feature is hidden to them. This issue has been resolved in version 3.70

Related Vulnerabilities

CVE-2017-8161

MEDIUM

CVSS:4.6(Medium)

EVA-L09 smartphones with software Earlier than EVA-L09C25B150CUSTC25D003 versions,Earlier than EVA-L09C440B140 versions,Earlier than EVA-L09C464B361 versions,Earlier than EVA-L09C675B320CUSTC675D004 v...

CWE-6682017

CVE-2017-8171

MEDIUM

CVSS:4.6(Medium)

Huawei smart phones with software earlier than Vicky-AL00AC00B172D versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory ...

CWE-6682017

CVE-2020-13469

MEDIUM

CVSS:4.6(Medium)

The flash memory readout protection in Gigadevice GD32VF103 devices allows physical attackers to extract firmware via the debug interface by utilizing the CPU.

CWE-6682020

CVE-2020-13470

MEDIUM

CVSS:4.6(Medium)

Gigadevice GD32F103 and GD32F130 devices allow physical attackers to extract data via the probing of easily accessible bonding wires and de-obfuscation of the observed data.

CWE-6682020

CVE-2020-13472

MEDIUM

CVSS:4.6(Medium)

The flash memory readout protection in Gigadevice GD32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the DMA module.

CWE-6682020

CVE-2019-11728

MEDIUM

CVSS:4.7(Medium)

The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that the accessible to a user when web content is loaded. This vulnerability affects Fi...

CWE-6682019