I found a vulnerability with which you can log into hendroid, protected by a password with the "lock when restored from background" parameter. If you quickly switch between applications, you will not need to enter a PIN code, provided that it has already been entered in this session.
This is (probably) not a problem with the "delay" parameter, because it works when it is set to "no delay".
This is my first issue, so I might not have included something important. Ask anything.
Hendroid Version: 1.15.14 (184)
Device/Android Version: MI MAX 2/10 (custom ROM)
Issue details / Repro steps:
1) Open password-protected Hendroid.
2) Enter password (Important, not working on first start).
3) Exit and enter into app.
4) Quickly exit the app and return back.
5) Hendroid unlocked without password.
Password bypass vulnerability
I found a vulnerability with which you can log into hendroid, protected by a password with the "lock when restored from background" parameter. If you quickly switch between applications, you will not need to enter a PIN code, provided that it has already been entered in this session.
This is (probably) not a problem with the "delay" parameter, because it works when it is set to "no delay".
This is my first issue, so I might not have included something important. Ask anything.
Hendroid Version: 1.15.14 (184)
Device/Android Version: MI MAX 2/10 (custom ROM)
Issue details / Repro steps: 1) Open password-protected Hendroid. 2) Enter password (Important, not working on first start). 3) Exit and enter into app. 4) Quickly exit the app and return back. 5) Hendroid unlocked without password.
https://user-images.githubusercontent.com/38111072/144653383-16b1d4c7-476b-4cce-9c1c-18865f47063d.mp4