86 matches found
PT-2024-31: Reflected Cross-Site Scripting (Reflected XSS) in Passwork
The vulnerability was identified in Passwork version 6.4.0. The application does not process the data received from the user, which is necessary for safety use during web page formation. An attacker can inject a malicious script into the request parameters and conduct social engineering attack on...
PT-2024-6802 · Passwork · Passwork
Name of the Vulnerable Software and Affected Versions: Passwork affected versions not specified Description: The issue is related to the lack of protection measures for the web page structure in the password manager Passwork. This can be exploited by a remote attacker to perform a DOM Based XSS...
The vulnerability of corporate managers’ passwords in Passwork, related to deficiencies in authentication procedures, allows attackers to bypass two-factor authentication (2FA).
The vulnerability of corporate managers’ passwords in Passwork is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to bypass two-factor authentication by obtaining a one-time six-digit code...
CVE-2023-49949
Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes...
CVE-2023-49949
Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes...
CVE-2023-49949
Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes...
Design/Logic Flaw
Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes...
PT-2023-8120 · Passwork · Passwork
Name of the Vulnerable Software and Affected Versions: Passwork versions prior to 6.2.0 Description: The issue is related to weaknesses in the authorization procedure of Passwork, a corporate password manager. It allows a remote attacker to bypass two-factor authentication 2FA by brute-forcing a...
Passwork Security Vulnerabilities
PassWork is a password manager from PassWork, Inc. A security vulnerability exists in versions prior to Passwork 6.2.0 that stems from a vulnerability that allows users to bypass 2FA via brute force cracking...
CVE-2023-49949
Passwork before 6.2.0 contains a vulnerability in the authorization procedure that allows a remote authenticated user to bypass two‑fact‑authentication (2FA) by brute‑forcing a one‑time six‑digit code. Affected software is Passwork prior to 6.2.0 . The issue arises from weaknesses in the 2FA work...
CVE-2023-49949
Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes...
CVE-2022-42955
The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain cleartext cached credentials...
CVE-2022-42956
The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain the cleartext master password...
CVE-2022-42955
The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain cleartext cached credentials...
CVE-2022-42956
The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain the cleartext master password...
Command injection
The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain cleartext cached credentials...
CVE-2022-42956
The PassWork extension for Chrome/other browsers (version 5.0.9) is affected by CVE-2022-42956, allowing an attacker to obtain the cleartext master password. The base CVSS is High (7.5/3.1) with network attack, no user interaction required. Public details in the provided documents do not include ...
CVE-2022-42955
The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain cleartext cached credentials...
CVE-2022-42956
The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain the cleartext master password...
CVE-2022-42956
The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain the cleartext master password...