Products
Enpass Password Manager
- up to 6.9.5
Source
cna@vuldb.com
Tags
CVE-2024-9203 details
Published : Sept. 26, 2024, 5:15 p.m.
Last Modified : Sept. 26, 2024, 5:15 p.m.
Last Modified : Sept. 26, 2024, 5:15 p.m.
Description
A vulnerability, which was classified as problematic, has been found in Enpass Password Manager up to 6.9.5 on Windows. This issue affects some unknown processing. The manipulation leads to cleartext storage of sensitive information in memory. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 6.10.1 is able to address this issue. It is recommended to upgrade the affected component.
CVSS Score
| 1 | 2.5 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-316 | Cleartext Storage of Sensitive Information in Memory | The product stores sensitive information in cleartext in memory. |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
Base Score
2.5
Exploitability Score
1.0
Impact Score
1.4
Base Severity
LOW
Vector String : CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
References
| URL | Source |
|---|---|
| https://vuldb.com/?ctiid.278561 | cna@vuldb.com |
| https://vuldb.com/?id.278561 | cna@vuldb.com |
| https://vuldb.com/?submit.411207 | cna@vuldb.com |
| https://www.enpass.io/release-notes/windows-10-desktop/ | cna@vuldb.com |
This website uses the NVD API, but is not approved or certified by it.