Lucene search

VulDBCVELIST:CVE-2022-4610

HistoryDec 19, 2022 - 12:00 a.m.

CVE-2022-4610 Click Studios Passwordstate risky encryption

2022-12-1900:00:00

CWE-310

VulDB

www.cve.org

click studios

passwordstate

risky encryption

cryptographic algorithm

local access

vdb-216272

CVSS3

1.9

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

20.4%

JSON

A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Affected by this issue is some unknown functionality. The manipulation leads to risky cryptographic algorithm. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216272.

CNA Affected

[
  {
    "vendor": "Click Studios",
    "product": "Passwordstate",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Click Studios",
    "product": "Passwordstate Browser Extension Chrome",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  }
]

References

modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html

vuldb.com/?id.216272

www.modzero.com/static/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf

CVSS3

1.9

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

20.4%

JSON

Related for CVELIST:CVE-2022-4610