Lock WARP switch bypass on WARP mobile client using iOS quick action
Moderate
mskowroncf
published
GHSA-76pg-rp9h-wmcjOct 28, 2022
Package
Cloudflare WARP mobile client
(iOS)
Affected versions
<6.14
Patched versions
None
Description
Impact
Lock Warp switch is a feature of Zero Trust platform which, when enabled, prevents users of enrolled devices from disabling WARP client. Due to insufficient policy verification by WARP iOS client, this feature could be bypassed by using the "Disable WARP" quick action.
Patches
The issue affected WARP client mobile application on iOS and was fixed in version 6.14.
Impact
Lock Warp switch is a feature of Zero Trust platform which, when enabled, prevents users of enrolled devices from disabling WARP client. Due to insufficient policy verification by WARP iOS client, this feature could be bypassed by using the "Disable WARP" quick action.
Patches
The issue affected WARP client mobile application on iOS and was fixed in version 6.14.
References