CVE-2024-39846

June 29, 2024, 9:15 p.m.

None
No Score

Description

NewPass before 1.2.0 stores passwords (rather than password hashes) directly, which makes it easier to obtain unauthorized access to sensitive information. NOTE: in each case, data at rest is encrypted, but is decrypted within process memory during use.

Product(s) Impacted

Product Versions
NewPass
  • ['before 1.2.0']

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://github.com/6eero/NewPass/commit/13f0a844d64927450fa751deb7cc06beba699720
https://github.com/6eero/NewPass/releases/tag/v1.2.0

Tags

cve@mitre.org
2024-06-29
CVE-2024-39846

Timeline

Published: June 29, 2024, 9:15 p.m.
Last Modified: June 29, 2024, 9:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.