In September, Google added the remote Device locking Capability to its. Android Device Manager, allowing users to lock their phone if it’s stolen or lost. Recently, from Germany has discovered an interesting vulnerability in Android 4.3 that allows a rogue app to remove all existing device locks activated by a user. The bug exists on the “com.android.settings.ChooseLockGeneric class”. This class is used to allow the user to modify the type of lock mechanism the device should have. Attackers can exploit this issue to bypass certain security restrictions.
Source: https://thehackernews.com/2013/12/CVE-2013-6271-Android-device-lock-bypass.html