CVE-2024-49405: 
Homebrew vulnerability analysis and mitigation

Improper authentication in Private Info in Samsung Pass in prior to version 4.4.04.7 was discovered, identified as CVE-2024-49405. The vulnerability was reported on July 10, 2024, and affects Samsung Pass application versions before 4.4.04.7. This security issue allows physical attackers to access sensitive information in specific scenarios (Samsung Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 4.6 MEDIUM (CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) by NIST NVD, while Samsung Mobile assessed it with a score of 5.3 MEDIUM (CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). The vulnerability requires physical access to the device but has low attack complexity and needs no privileges or user interaction to exploit (NVD).

The vulnerability allows physical attackers to access sensitive information stored in Samsung Pass's Private Info feature when exploited under specific conditions. The impact is primarily focused on confidentiality, with no direct effect on integrity or availability of the system (Samsung Advisory).

Samsung has released version 4.4.04.7 of Samsung Pass that includes a patch adding proper authentication to address this vulnerability. Users are advised to update their Samsung Pass application to this version or later to protect against potential exploitation (Samsung Advisory).

The vulnerability was discovered and reported by security researcher Harsh Tyagi. Samsung classified it as a moderate severity issue in their security advisory (Samsung Advisory).