CVE-2023-27895: 
NixOS vulnerability analysis and mitigation

SAP Authenticator for Android version 1.3.0 contains a vulnerability that allows screen capture functionality, potentially exposing sensitive authentication information. The vulnerability was discovered and disclosed in March 2023, affecting the SAP Authenticator mobile application on Android platforms. This security issue enables an authorized attacker with access to install malicious applications on the target device to capture sensitive authentication data (NVD).

The vulnerability has been assigned CVE-2023-27895 with a CVSS v3.1 Base Score of 6.5 (Medium) according to NVD's assessment, while SAP SE rated it at 6.1 (Medium). The vulnerability allows screen capture functionality that could expose One-Time Password (OTP) displays and secret OTP alphanumeric tokens during the token setup process. The attack requires local access to the device and the ability to install malicious applications (NVD).

Upon successful exploitation, attackers can extract and read sensitive information including currently displayed OTPs and secret OTP alphanumeric tokens during the token setup process. While the attacker can access this sensitive authentication information, they cannot modify or delete the data (NVD).

SAP has addressed this vulnerability in versions after 1.3.0. Users are advised to update their SAP Authenticator for Android to the latest version available (NVD).