Insecure Protocol Usage in SogouSDK of Chinese Samsung Keyboard: Keystroke Data Exposure Vulnerability

Insecure Protocol Usage in SogouSDK of Chinese Samsung Keyboard: Keystroke Data Exposure Vulnerability

CVE-2023-42579 · MEDIUM Severity

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Improper usage of insecure protocol (i.e. HTTP) in SogouSDK of Chinese Samsung Keyboard prior to versions 5.3.70.1 in Android 11, 5.4.60.49, 5.4.85.5, 5.5.00.58 in Android 12, and 5.6.00.52, 5.6.10.42, 5.7.00.45 in Android 13 allows adjacent attackers to access keystroke data using Man-in-the-Middle attack.

Learn more about our Cis Benchmark Audit For Google Android.