Lucene search

PRIOn knowledge basePRION:CVE-2023-36266

HistoryJul 12, 2023 - 4:15 p.m.

Design/Logic Flaw

2023-07-1216:15:00

PRIOn knowledge base

www.prio-n.com

keeper password manager

keeperfill browser extensions

security flaw

plaintext password storage

sensitive information

local attackers

memory management

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

16.1%

JSON

DISPUTED An issue was discovered in Keeper Password Manager for Desktop version 16.10.2, and the KeeperFill Browser Extensions version 16.5.4, allows local attackers to gain sensitive information via plaintext password storage in memory after the user is already logged in, and may persist after logout. NOTE: the vendor disputes this for two reasons: the information is inherently available during a logged-in session when the attacker can read from arbitrary memory locations, and information only remains available after logout because of memory-management limitations of web browsers (not because the Keeper technology itself is retaining the information).

CPENameOperatorVersion
keepereq16.10.2
keeperfilleq16.5.4

CPE	Name	Operator	Version
	keeper	eq	16.10.2
	keeperfill	eq	16.5.4

References

packetstormsecurity.com/files/173809/Keeper-Security-Desktop-16.10.2-Browser-Extension-16.5.4-Password-Dumper.html

harkenzo.tlstickle.com/2023-06-12-Keeper-Password-Dumping/