CVE-2021-3145
Description
A local root attacker on Android can bypass biometric authentication in Ionic Identity Vault before version 5.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A local root attacker on Android can bypass biometric authentication in Ionic Identity Vault before version 5.
Vulnerability
In Ionic Identity Vault prior to version 5, the biometric authentication logic on Android devices is vulnerable to bypass by a local root attacker. The code path does not properly enforce biometric checks when the device is rooted, allowing an attacker with root privileges to circumvent the authentication mechanism. [1][2]
Exploitation
An attacker must have already gained root access on the target Android device. No user interaction is required beyond that point. The attacker can directly invoke the authentication bypass by exploiting the flawed biometric validation logic implemented in pre-5 versions of Identity Vault. [2]
Impact
Successful exploitation allows the attacker to bypass biometric authentication entirely, gaining access to the protected Identity Vault contents. This can lead to unauthorized disclosure of sensitive user data, including authentication tokens and other encrypted information stored by the vault. [1][2]
Mitigation
Upgrade to Ionic Identity Vault version 5 or later, which contains the fix for this vulnerability. No workarounds are available for affected versions. [1][2]
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Ionic/Identity Vaultdescription
- Range: <5
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
2- packetstormsecurity.com/files/164085/Ionic-Identity-Vault-4.7-Android-Biometric-Authentication-Bypass.htmlmitrex_refsource_MISC
- ionic.io/products/identity-vaultmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.