6.5

CVE-2019-10676

EPSS 1.5%
Veröffentlicht 08.04.2019 17:29:00
Zuletzt bearbeitet 21.11.2024 04:19:43
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in Uniqkey Password Manager 1.14. Upon entering new credentials to a site that is not registered within this product, a pop-up window will appear prompting the user if they want to save this new password. This pop-up window will persist on any page the user enters within the browser until a decision is made. The code of the pop-up window can be read by remote servers and contains the login credentials and URL in cleartext. A malicious server could easily grab this information from the pop-up. This is related to id="uniqkey-password-popup" and password-popup/popup.html.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Uniqkey ≫ Password Manager Version1.14

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.5%	0.805

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://cxsecurity.com/issue/WLB-2019040055

Third Party Advisory

https://packetstormsecurity.com/files/152410/Uniqkey-Password-Manager-1.14-Credential-Disclosure.html

Third Party Advisory

VDB Entry

https://seclists.org/fulldisclosure/2019/Apr/1

Third Party Advisory

Mailing List

https://vuldb.com/?id.132740

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-10676

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-10676

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-10676

EUVD