Lucene search
+L

4 matches found

attackerkb
attackerkb
added 2023/03/09 12:15 a.m.4 views

CVE-2023-27974

Bitwarden through 2023.2.1 offers password auto-fill when the second-level domain matches, e.g., a password stored for an example.com hosting provider when customer-website.example.com is visited. NOTE: the vendor's position is that "Auto-fill on page load" is not enabled by default...

7.5CVSS7.1AI score0.00995EPSS
Exploits1References4
osv
osv
added 2023/03/08 12:0 a.m.6 views

CVE-2023-27974

Bitwarden through 2023.2.1 offers password auto-fill when the second-level domain matches, e.g., a password stored for an example.com hosting provider when customer-website.example.com is visited. NOTE: the vendor's position is that "Auto-fill on page load" is not enabled by default...

7.5CVSS6.8AI score0.00995EPSS
Exploits1References5
cve
cve
added 2023/03/08 12:0 a.m.54 views

CVE-2023-27974

Bitwarden (versions up to 2023.2.1) is affected by a domain-matching password autofill issue: when visiting a subdomain like customer-website.example.com, a stored password for example.com may be auto-filled due to second-level domain matching. The vendor notes that “Auto-fill on page load” is no...

7.5CVSS7.6AI score0.00995EPSS
Exploits1References3Affected Software1
cvelist
cvelist
added 2023/03/08 12:0 a.m.15 views

CVE-2023-27974

Bitwarden through 2023.2.1 offers password auto-fill when the second-level domain matches, e.g., a password stored for an example.com hosting provider when customer-website.example.com is visited. NOTE: the vendor's position is that "Auto-fill on page load" is not enabled by default...

7.8AI score0.00995EPSS
Exploits1References3
Rows per page
Query Builder