24 matches found
CVE-2020-7962
An issue was discovered in One Identity Password Manager 5.8. An attacker could enumerate valid answers for a user. It is possible for an attacker to detect a valid answer based on the HTTP response content, and reuse this answer later for a password reset on a chosen password. The enumeration is...
EUVD-2020-28881
Malware in sbrugna...
EUVD-2025-21342
Malicious code in bioql PyPI...
EUVD-2023-53898
Malicious code in bioql PyPI...
CVE-2025-27582
The Secure Password extension in One Identity Password Manager before 5.14.4 allows local privilege escalation. The issue arises from a flawed security hardening mechanism within the kiosk browser used to display the Password Self-Service site to end users. Specifically, the application attempts ...
CVE-2025-27582
The Secure Password extension in One Identity Password Manager before 5.14.4 allows local privilege escalation. The issue arises from a flawed security hardening mechanism within the kiosk browser used to display the Password Self-Service site to end users. Specifically, the application attempts ...
CVE-2025-27582
The Secure Password extension in One Identity Password Manager before 5.14.4 allows local privilege escalation. The issue arises from a flawed security hardening mechanism within the kiosk browser used to display the Password Self-Service site to end users. Specifically, the application attempts ...
CVE-2025-27582
Vulnerability context: CVE-2025-27582 affects One Identity Password Manager prior to 5.14.4. The Secure Password extension uses a kiosk browser to display Password Self‑Service and blocks privileged actions by overriding window.print(). The flaw allows a local attacker with access to a locked wor...
PT-2025-29461 · One Identity · One Identity Password Manager
Name of the Vulnerable Software and Affected Versions: One Identity Password Manager versions prior to 5.14.4 Description: The Secure Password extension in One Identity Password Manager contains a flaw in its security hardening mechanism within the kiosk browser used for the Password Self-Service...
CVE-2023-48654
One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: go to the...
CVE-2023-51772
One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a...
CVE-2023-51772
One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a...
CVE-2023-51772
CVE-2023-51772 affects One Identity Password Manager before 5.13.1. The vulnerability arises from the login screen’s Kiosk mode workflow, which launches a Chromium-based browser to reset Active Directory passwords. The root cause enables an attacker to escape the kiosk sandbox by navigating throu...
One Identity Password Manager Kiosk Escape Privilege Escalation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Kiosk Escape Privilege Escalation product: One Identity Password Manager Secure Password Extension vulnerable version: 5.13.1 fixed version: 5.13.1 CVE number:...
CVE-2023-4003
One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges...
Default credentials
One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges...
CVE-2023-4003 One Identity Password Manager version 5.9.7.1 - Unauthenticated physical access privilege escalation
One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges...
CVE-2023-4003 One Identity Password Manager version 5.9.7.1 - Unauthenticated physical access privilege escalation
One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges...
CVE-2023-4003
CVE-2023-4003 affects One Identity Password Manager version 5.9.7.1. An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method (described as a privilege escalation due to execution with unnecessary privileges). The vulnerabili...
PT-2023-27224 · One Identity · One Identity Password Manager
Name of the Vulnerable Software and Affected Versions: One Identity Password Manager version 5.9.7.1 Description: An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. This issue is related to execution with unnecessary...