Lucene search
K

86 matches found

Positive Technologies
Positive Technologies
added 2024/10/09 12:0 a.m.16 views

PT-2024-31: Reflected Cross-Site Scripting (Reflected XSS) in Passwork

The vulnerability was identified in Passwork version 6.4.0. The application does not process the data received from the user, which is necessary for safety use during web page formation. An attacker can inject a malicious script into the request parameters and conduct social engineering attack on...

7.4CVSS7.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/09/25 12:0 a.m.3 views

PT-2024-6802 · Passwork · Passwork

Name of the Vulnerable Software and Affected Versions: Passwork affected versions not specified Description: The issue is related to the lack of protection measures for the web page structure in the password manager Passwork. This can be exploited by a remote attacker to perform a DOM Based XSS...

4.9CVSS6.3AI score
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/01/09 12:0 a.m.7 views

The vulnerability of corporate managers’ passwords in Passwork, related to deficiencies in authentication procedures, allows attackers to bypass two-factor authentication (2FA).

The vulnerability of corporate managers’ passwords in Passwork is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to bypass two-factor authentication by obtaining a one-time six-digit code...

8.5CVSS7.5AI score0.00637EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/12/26 2:15 p.m.4 views

CVE-2023-49949

Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes...

8.1CVSS7.3AI score0.00637EPSS
Exploits1References3
OSV
OSV
added 2023/12/26 2:15 p.m.5 views

CVE-2023-49949

Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes...

8.1CVSS7.3AI score0.00637EPSS
Exploits1References2
NVD
NVD
added 2023/12/26 2:15 p.m.22 views

CVE-2023-49949

Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes...

8.1CVSS0.00637EPSS
Exploits1References2
Prion
Prion
added 2023/12/26 2:15 p.m.12 views

Design/Logic Flaw

Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes...

5.5CVSS6.9AI score0.00637EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/26 12:0 a.m.5 views

PT-2023-8120 · Passwork · Passwork

Name of the Vulnerable Software and Affected Versions: Passwork versions prior to 6.2.0 Description: The issue is related to weaknesses in the authorization procedure of Passwork, a corporate password manager. It allows a remote attacker to bypass two-factor authentication 2FA by brute-forcing a...

8.1CVSS8.2AI score0.00637EPSS
Exploits1References10
CNNVD
CNNVD
added 2023/12/26 12:0 a.m.5 views

Passwork Security Vulnerabilities

PassWork is a password manager from PassWork, Inc. A security vulnerability exists in versions prior to Passwork 6.2.0 that stems from a vulnerability that allows users to bypass 2FA via brute force cracking...

8.1CVSS6.8AI score0.00637EPSS
Exploits1References3
CVE
CVE
added 2023/12/26 12:0 a.m.54 views

CVE-2023-49949

Passwork before 6.2.0 contains a vulnerability in the authorization procedure that allows a remote authenticated user to bypass two‑fact‑authentication (2FA) by brute‑forcing a one‑time six‑digit code. Affected software is Passwork prior to 6.2.0 . The issue arises from weaknesses in the 2FA work...

8.1CVSS7.7AI score0.00637EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/12/26 12:0 a.m.15 views

CVE-2023-49949

Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes...

8AI score0.00637EPSS
Exploits1References2
OSV
OSV
added 2022/11/07 1:15 p.m.4 views

CVE-2022-42955

The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain cleartext cached credentials...

7.5CVSS5.8AI score0.00356EPSS
Exploits0References2
OSV
OSV
added 2022/11/07 1:15 p.m.2 views

CVE-2022-42956

The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain the cleartext master password...

7.5CVSS5.8AI score0.00356EPSS
Exploits0References2
NVD
NVD
added 2022/11/07 1:15 p.m.22 views

CVE-2022-42955

The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain cleartext cached credentials...

7.5CVSS0.00356EPSS
Exploits0References2
NVD
NVD
added 2022/11/07 1:15 p.m.23 views

CVE-2022-42956

The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain the cleartext master password...

7.5CVSS0.00356EPSS
Exploits0References2
Prion
Prion
added 2022/11/07 1:15 p.m.20 views

Command injection

The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain cleartext cached credentials...

5CVSS7.5AI score0.00356EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/11/07 12:0 a.m.60 views

CVE-2022-42956

The PassWork extension for Chrome/other browsers (version 5.0.9) is affected by CVE-2022-42956, allowing an attacker to obtain the cleartext master password. The base CVSS is High (7.5/3.1) with network attack, no user interaction required. Public details in the provided documents do not include ...

7.5CVSS7.4AI score0.00356EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/07 12:0 a.m.8 views

CVE-2022-42955

The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain cleartext cached credentials...

7.5AI score0.00356EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/11/07 12:0 a.m.8 views

CVE-2022-42956

The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain the cleartext master password...

7.5AI score0.00356EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/11/07 12:0 a.m.21 views

CVE-2022-42956

The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain the cleartext master password...

7.6AI score0.00356EPSS
Exploits0References2
Rows per page
Query Builder