CVE-2022-3875

Exploit

EPSS 0.1%
Veröffentlicht 19.12.2022 11:15:10
Zuletzt bearbeitet 21.11.2024 07:20:24
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability classified as critical was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This vulnerability affects unknown code of the component API. The manipulation leads to authentication bypass by assumed-immutable data. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216244.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Clickstudios ≫ Passwordstate Version- SwPlatform-

Clickstudios ≫ Passwordstate Version- SwPlatformchrome

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.289

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cna@vuldb.com	7.3	3.9	3.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-302 Authentication Bypass by Assumed-Immutable Data

The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.

https://modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html

Third Party Advisory

Exploit

Technical Description

https://vuldb.com/?id.216244

Third Party Advisory

VDB Entry

https://www.modzero.com/static/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2022-3875

CVE Source (NVD)