Lucene search
+L

100 matches found

Cvelist
Cvelist
added 2022/12/19 12:0 a.m.26 views

CVE-2022-3876 Click Studios Passwordstate API authorization

A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This issue affects some unknown processing of the file /api/browserextension/UpdatePassword/ of the component API. The manipulation of the argument...

4.3CVSS6.8AI score0.00844EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/12/19 12:0 a.m.26 views

CVE-2022-3875 Click Studios Passwordstate API authentication bypass by assumed-immutable data

A vulnerability classified as critical was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This vulnerability affects unknown code of the component API. The manipulation leads to authentication bypass by assumed-immutable data. The attack can be initiated remotely...

7.3CVSS8.1AI score0.00968EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2022/12/19 12:0 a.m.11 views

CVE-2022-3876 Click Studios Passwordstate API authorization

A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This issue affects some unknown processing of the file /api/browserextension/UpdatePassword/ of the component API. The manipulation of the argument...

4.3CVSS6.8AI score0.00844EPSS
Exploits1References3
CVE
CVE
added 2022/12/19 12:0 a.m.67 views

CVE-2022-4611

CVE-2022-4611 affects Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Vulnerability details in the provided documents indicate a manipulation that results in hard-coded credentials in an unspecified part of the product, with remote initiation possible and public disclosure...

5.3CVSS4.9AI score0.01225EPSS
Exploits2References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/12/19 12:0 a.m.5 views

CVE-2022-4613 Click Studios Passwordstate Browser Extension Provisioning improper authorization

A vulnerability was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as critical. This issue affects some unknown processing of the component Browser Extension Provisioning. The manipulation leads to improper authorization. The attack may be initiated...

5CVSS7.1AI score0.00726EPSS
Exploits1References3
CVE
CVE
added 2022/12/19 12:0 a.m.44 views

CVE-2022-3876

CVE-2022-3876 affects Click Studios Passwordstate and Passwordstate Browser Extension Chrome. The vulnerability lies in the API path /api/browserextension/UpdatePassword/ where manipulating the PasswordID argument bypasses authorization. The attack may be initiated remotely and the exploit has be...

6.5CVSS5.6AI score0.00844EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2022/03/21 1:15 p.m.20 views

CVE-2022-25570

In Click Studios SA Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Specifically, an authenticated user who has write permissions to a password list in one folder with the default permission model can extend his...

6.5CVSS0.00807EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/03/21 1:15 p.m.5 views

CVE-2022-25570

In Click Studios SA Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Specifically, an authenticated user who has write permissions to a password list in one folder with the default permission model can extend his...

6.5CVSS5.4AI score0.00807EPSS
Exploits1References4
Prion
Prion
added 2022/03/21 1:15 p.m.20 views

Default credentials

In Click Studios SA Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Specifically, an authenticated user who has write permissions to a password list in one folder with the default permission model can extend his...

4CVSS6.5AI score0.00807EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/03/21 12:59 p.m.81 views

CVE-2022-25570

Technical details (versions, root cause, impact, and fixes) are not publicly provided in the connected documents; monitor for updates.

6.5CVSS6.5AI score0.00807EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/03/21 12:59 p.m.26 views

CVE-2022-25570

In Click Studios SA Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Specifically, an authenticated user who has write permissions to a password list in one folder with the default permission model can extend his...

6.8AI score0.00807EPSS
Exploits1References2
The Hacker News
The Hacker News
added 2021/04/30 7:24 a.m.45 views

Passwordstate Warns of Ongoing Phishing Attacks Following Data Breach

Click Studios, the Australian software firm which confirmed a supply chain attack affecting its Passwordstate password management application, has warned customers of an ongoing phishing attack by an unknown threat actor. "We have been advised a bad actor has commenced a phishing attack with a...

1.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/04/27 9:36 a.m.49 views

Password manager hijacked to deliver malware in supply chain attack

In the latest example of a supply chain attack, cybercriminals delivered malware to customers of the business password manager Passwordstate by breaching its developer’s networks and then deploying a fraudulent update last week, said Passwordstate’s maker, Click Studios. Though the number of...

1.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/04/24 8:9 a.m.83 views

Passwordstate Password Manager Update Hijacked to Install Backdoor on Thousands of PCs

Click Studios, the Australian software company behind the Passwordstate password management application, has notified customers to reset their passwords following a supply chain attack. The Adelaide-based firm said a bad actor used sophisticated techniques to compromise the software's update...

0.4AI score
Exploits0
CVE
CVE
added 2020/10/29 5:26 p.m.41 views

CVE-2020-27747

CVE-2020-27747 concerns Click Studios Passwordstate 8.9 (Build 8973). The issue: if a user set a 4‑digit PIN via the mobile built‑in generator, a remote attacker can brute‑force the PIN, potentially exposing all passwords accessible to the affected account. The available documents describe the af...

6.8CVSS6.6AI score0.01091EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2018/08/08 12:0 a.m.7 views

Click Studios Passwordstate Cross-Site Scripting Vulnerability

Click Studios Passwordstate is a web-based password manager from Click Studios Australia. A cross-site scripting vulnerability exists in versions prior to Click Studios Passwordstate 8.3 Build 8397. The vulnerability can be exploited by remote attackers to inject arbitrary web script or HTML via ...

5.4CVSS5.3AI score0.00526EPSS
Exploits0References1
Prion
Prion
added 2018/08/01 6:29 a.m.16 views

Hardcoded credentials

Click Studios Passwordstate before 8.3 Build 8397 allows XSS by authenticated users via an uploaded HTML document...

3.5CVSS5.1AI score0.00526EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2018/08/01 6:29 a.m.23 views

CVE-2018-14776

Click Studios Passwordstate before 8.3 Build 8397 allows XSS by authenticated users via an uploaded HTML document...

5.4CVSS5.2AI score0.00526EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/08/01 6:0 a.m.18 views

CVE-2018-14776

Click Studios Passwordstate before 8.3 Build 8397 allows XSS by authenticated users via an uploaded HTML document...

5.2AI score0.00526EPSS
Exploits0References2
CVE
CVE
added 2018/08/01 6:0 a.m.45 views

CVE-2018-14776

CVE-2018-14776 affects Click Studios Passwordstate (web-based password manager) prior to version 8.3 Build 8397. The vulnerability is an authenticated-user cross-site scripting (XSS) flaw triggered by uploading an HTML document, enabling injection of arbitrary script when viewed by other authenti...

5.4CVSS5.1AI score0.00526EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder