CVE-2013-511331.01.2020, 15:15LastPass prior to 2.5.1 has an insecure PIN implementation.EnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST6.8 MEDIUMPHYSICALLOWNONECVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HmitreCNA------CVEADP------Awaiting analysisThis vulnerability is currently awaiting analysis.Base ScoreCVSS 3.xEPSS ScorePercentile: 31%Known Exploits!http://blog.c22.cc/2013/09/05/a-sneak-peak-into-android-secure-containers-2/https://blog.c22.cc/advisories/cve-2013-51135114-lastpass-android-container-pin-and-auto-wipe-security-feature-bypass/http://blog.c22.cc/2013/09/05/a-sneak-peak-into-android-secure-containers-2/https://blog.c22.cc/advisories/cve-2013-51135114-lastpass-android-container-pin-and-auto-wipe-security-feature-bypass/Common Weakness EnumerationCWE-522 - Insufficiently Protected CredentialsThe product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.Referenceshttp://blog.c22.cc/2013/09/05/a-sneak-peak-into-android-secure-containers-2/https://blog.c22.cc/advisories/cve-2013-51135114-lastpass-android-container-pin-and-auto-wipe-security-feature-bypass/https://www.securityfocus.com/archive/1/529783http://blog.c22.cc/2013/09/05/a-sneak-peak-into-android-secure-containers-2/https://blog.c22.cc/advisories/cve-2013-51135114-lastpass-android-container-pin-and-auto-wipe-security-feature-bypass/https://www.securityfocus.com/archive/1/529783