100 matches found
CVE-2022-3876 Click Studios Passwordstate API authorization
A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This issue affects some unknown processing of the file /api/browserextension/UpdatePassword/ of the component API. The manipulation of the argument...
CVE-2022-3875 Click Studios Passwordstate API authentication bypass by assumed-immutable data
A vulnerability classified as critical was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This vulnerability affects unknown code of the component API. The manipulation leads to authentication bypass by assumed-immutable data. The attack can be initiated remotely...
CVE-2022-3876 Click Studios Passwordstate API authorization
A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This issue affects some unknown processing of the file /api/browserextension/UpdatePassword/ of the component API. The manipulation of the argument...
CVE-2022-4611
CVE-2022-4611 affects Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Vulnerability details in the provided documents indicate a manipulation that results in hard-coded credentials in an unspecified part of the product, with remote initiation possible and public disclosure...
CVE-2022-4613 Click Studios Passwordstate Browser Extension Provisioning improper authorization
A vulnerability was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as critical. This issue affects some unknown processing of the component Browser Extension Provisioning. The manipulation leads to improper authorization. The attack may be initiated...
CVE-2022-3876
CVE-2022-3876 affects Click Studios Passwordstate and Passwordstate Browser Extension Chrome. The vulnerability lies in the API path /api/browserextension/UpdatePassword/ where manipulating the PasswordID argument bypasses authorization. The attack may be initiated remotely and the exploit has be...
CVE-2022-25570
In Click Studios SA Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Specifically, an authenticated user who has write permissions to a password list in one folder with the default permission model can extend his...
CVE-2022-25570
In Click Studios SA Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Specifically, an authenticated user who has write permissions to a password list in one folder with the default permission model can extend his...
Default credentials
In Click Studios SA Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Specifically, an authenticated user who has write permissions to a password list in one folder with the default permission model can extend his...
CVE-2022-25570
Technical details (versions, root cause, impact, and fixes) are not publicly provided in the connected documents; monitor for updates.
CVE-2022-25570
In Click Studios SA Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Specifically, an authenticated user who has write permissions to a password list in one folder with the default permission model can extend his...
Passwordstate Warns of Ongoing Phishing Attacks Following Data Breach
Click Studios, the Australian software firm which confirmed a supply chain attack affecting its Passwordstate password management application, has warned customers of an ongoing phishing attack by an unknown threat actor. "We have been advised a bad actor has commenced a phishing attack with a...
Password manager hijacked to deliver malware in supply chain attack
In the latest example of a supply chain attack, cybercriminals delivered malware to customers of the business password manager Passwordstate by breaching its developer’s networks and then deploying a fraudulent update last week, said Passwordstate’s maker, Click Studios. Though the number of...
Passwordstate Password Manager Update Hijacked to Install Backdoor on Thousands of PCs
Click Studios, the Australian software company behind the Passwordstate password management application, has notified customers to reset their passwords following a supply chain attack. The Adelaide-based firm said a bad actor used sophisticated techniques to compromise the software's update...
CVE-2020-27747
CVE-2020-27747 concerns Click Studios Passwordstate 8.9 (Build 8973). The issue: if a user set a 4‑digit PIN via the mobile built‑in generator, a remote attacker can brute‑force the PIN, potentially exposing all passwords accessible to the affected account. The available documents describe the af...
Click Studios Passwordstate Cross-Site Scripting Vulnerability
Click Studios Passwordstate is a web-based password manager from Click Studios Australia. A cross-site scripting vulnerability exists in versions prior to Click Studios Passwordstate 8.3 Build 8397. The vulnerability can be exploited by remote attackers to inject arbitrary web script or HTML via ...
Hardcoded credentials
Click Studios Passwordstate before 8.3 Build 8397 allows XSS by authenticated users via an uploaded HTML document...
CVE-2018-14776
Click Studios Passwordstate before 8.3 Build 8397 allows XSS by authenticated users via an uploaded HTML document...
CVE-2018-14776
Click Studios Passwordstate before 8.3 Build 8397 allows XSS by authenticated users via an uploaded HTML document...
CVE-2018-14776
CVE-2018-14776 affects Click Studios Passwordstate (web-based password manager) prior to version 8.3 Build 8397. The vulnerability is an authenticated-user cross-site scripting (XSS) flaw triggered by uploading an HTML document, enabling injection of arbitrary script when viewed by other authenti...