Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The GoogleAuthUtil.getToken method in the Google Play services SDK before 2015 sets parameters in OAuth token requests upon finding a corresponding _opt_ parameter in the Bundle extras argument, which allows attackers to bypass an intended consent dialog and retrieve tokens for arbitrary OAuth scopes including the SID and LSID scopes, and consequently obtain access to a Google account, via a crafted application, as demonstrated by setting the has_permission=1 parameter value upon finding _opt_has_permission in that argument.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Google Play services SDK 权限许可和访问控制漏洞
Vulnerability Description
Google Play services是谷歌(Google)公司为将Google的多个服务整合到开发的Android软件中开发的一项服务。Google Play services SDK是一个开发基于Google Play services APIs的应用程序的工具包。 Google Play services SDK 6.1及之前版本的‘GoogleAuthUtil.getToken’方法中存在安全漏洞。攻击者可借助特制的应用程序利用该漏洞绕过既定的consent(是否以管理员运行)对话框,重新获取任
CVSS Information
N/A
Vulnerability Type
N/A