Lucene search
K

24 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:58 a.m.15 views

CVE-2020-7962

An issue was discovered in One Identity Password Manager 5.8. An attacker could enumerate valid answers for a user. It is possible for an attacker to detect a valid answer based on the HTTP response content, and reuse this answer later for a password reset on a chosen password. The enumeration is...

5.3CVSS7AI score0.00861EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-28881

Malware in sbrugna...

5.3CVSS5.6AI score0.00861EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-21342

Malicious code in bioql PyPI...

7.6CVSS6.6AI score0.00173EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-53898

Malicious code in bioql PyPI...

7.6CVSS6.7AI score0.00473EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/16 12:16 a.m.16 views

CVE-2025-27582

The Secure Password extension in One Identity Password Manager before 5.14.4 allows local privilege escalation. The issue arises from a flawed security hardening mechanism within the kiosk browser used to display the Password Self-Service site to end users. Specifically, the application attempts ...

7.6CVSS6.5AI score0.00173EPSS
Exploits0References1
NVD
NVD
added 2025/07/14 1:15 p.m.7 views

CVE-2025-27582

The Secure Password extension in One Identity Password Manager before 5.14.4 allows local privilege escalation. The issue arises from a flawed security hardening mechanism within the kiosk browser used to display the Password Self-Service site to end users. Specifically, the application attempts ...

7.6CVSS0.00173EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/14 12:0 a.m.10 views

CVE-2025-27582

The Secure Password extension in One Identity Password Manager before 5.14.4 allows local privilege escalation. The issue arises from a flawed security hardening mechanism within the kiosk browser used to display the Password Self-Service site to end users. Specifically, the application attempts ...

7.6CVSS0.00173EPSS
Exploits0References1
CVE
CVE
added 2025/07/14 12:0 a.m.26 views

CVE-2025-27582

Vulnerability context: CVE-2025-27582 affects One Identity Password Manager prior to 5.14.4. The Secure Password extension uses a kiosk browser to display Password Self‑Service and blocks privileged actions by overriding window.print(). The flaw allows a local attacker with access to a locked wor...

7.6CVSS6.6AI score0.00173EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/14 12:0 a.m.4 views

PT-2025-29461 · One Identity · One Identity Password Manager

Name of the Vulnerable Software and Affected Versions: One Identity Password Manager versions prior to 5.14.4 Description: The Secure Password extension in One Identity Password Manager contains a flaw in its security hardening mechanism within the kiosk browser used for the Password Self-Service...

7.6CVSS6.4AI score0.00173EPSS
Exploits0References5
OSV
OSV
added 2023/12/25 6:15 a.m.7 views

CVE-2023-48654

One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: go to the...

9.8CVSS5.8AI score0.01013EPSS
Exploits1References3
NVD
NVD
added 2023/12/25 6:15 a.m.9 views

CVE-2023-51772

One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a...

8.8CVSS0.00515EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/12/25 12:0 a.m.12 views

CVE-2023-51772

One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a...

6.8AI score0.00515EPSS
Exploits0References2
CVE
CVE
added 2023/12/25 12:0 a.m.51 views

CVE-2023-51772

CVE-2023-51772 affects One Identity Password Manager before 5.13.1. The vulnerability arises from the login screen’s Kiosk mode workflow, which launches a Chromium-based browser to reset Active Directory passwords. The root cause enables an attacker to escape the kiosk sandbox by navigating throu...

8.8CVSS8.5AI score0.00515EPSS
Exploits0References2Affected Software1
Packet Storm
Packet Storm
added 2023/12/13 12:0 a.m.399 views

One Identity Password Manager Kiosk Escape Privilege Escalation

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Kiosk Escape Privilege Escalation product: One Identity Password Manager Secure Password Extension vulnerable version: 5.13.1 fixed version: 5.13.1 CVE number:...

7.4AI score0.01013EPSS
Exploits1
NVD
NVD
added 2023/09/27 3:19 p.m.13 views

CVE-2023-4003

One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges...

7.6CVSS7.5AI score0.00473EPSS
Exploits0References1
Prion
Prion
added 2023/09/27 3:19 p.m.22 views

Default credentials

One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges...

4.6CVSS6.6AI score0.00473EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/27 12:11 p.m.9 views

CVE-2023-4003 One Identity Password Manager version 5.9.7.1 - Unauthenticated physical access privilege escalation

One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges...

7.6CVSS6.9AI score0.00473EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/09/27 12:11 p.m.18 views

CVE-2023-4003 One Identity Password Manager version 5.9.7.1 - Unauthenticated physical access privilege escalation

One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges...

7.6CVSS7.7AI score0.00473EPSS
Exploits0References1
CVE
CVE
added 2023/09/27 12:11 p.m.57 views

CVE-2023-4003

CVE-2023-4003 affects One Identity Password Manager version 5.9.7.1. An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method (described as a privilege escalation due to execution with unnecessary privileges). The vulnerabili...

7.6CVSS6.8AI score0.00473EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/09/27 12:0 a.m.7 views

PT-2023-27224 · One Identity · One Identity Password Manager

Name of the Vulnerable Software and Affected Versions: One Identity Password Manager version 5.9.7.1 Description: An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. This issue is related to execution with unnecessary...

7.6CVSS6.3AI score0.00473EPSS
Exploits0References3
Rows per page
Query Builder