Unrated severityNVD Advisory· Published May 15, 2019· Updated Aug 4, 2024

CVE-2019-9196

Description

The Face authentication component in Aware mobile liveness 2.2.1 sdk 2.2.0 for Knomi allows a Biometrical Liveness authentication bypass via parameter tampering of the /knomi/analyze security_level field.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Aware mobile liveness SDK 2.2.0 allows bypass of biometric liveness authentication via tampering of the security_level parameter.

Vulnerability

The Face authentication component in Aware mobile liveness SDK 2.2.0 (used in Knomi) allows bypass of biometric liveness authentication. The vulnerability lies in the /knomi/analyze endpoint where the security_level field can be tampered with, leading to insufficient validation [1]. Affected versions: sdk 2.2.0 for Knomi, described in liveness 2.2.1 [1].

Exploitation

An attacker can remotely exploit this vulnerability without authentication [1]. By sending a crafted request with a modified security_level parameter to the /knomi/analyze endpoint, the liveness check can be bypassed. Attack complexity is low [1].

Impact

Successful exploitation results in bypass of biometric liveness authentication, allowing an attacker to spoof the liveness check [1]. Integrity impact is partial, as the attacker can impersonate a legitimate user's liveness verification, but confidentiality and availability are not affected [1].

Mitigation

As of the publication date (2019-05-15), no fix is mentioned in the available reference [1]. Users should contact Aware for updated SDK versions. The vulnerability is listed on cxsecurity [1].

References

Liveness face authentication bypass - lack of valitadion

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Aware/mobile livenessdescription
Aware/Knomillm-create
Range: <= 2.2.1 (sdk 2.2.0)
Aware/Aware mobile livenessllm-create
Range: 2.2.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cxsecurity.com/issue/WLB-2019050166mitrex_refsource_MISC
drive.google.com/openmitrex_refsource_MISC
ibb.co/n7LS34gmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000