CVE-2024-9203 – Enpass Password Manager sensitive information in memory
https://notcve.org/view.php?id=CVE-2024-9203
A vulnerability, which was classified as problematic, has been found in Enpass Password Manager up to 6.9.5 on Windows. This issue affects some unknown processing. The manipulation leads to cleartext storage of sensitive information in memory. An attack has to be approached locally. The complexity of an attack is rather high. • https://vuldb.com/?id.278561 https://vuldb.com/?ctiid.278561 https://vuldb.com/?submit.411207 https://www.enpass.io/release-notes/windows-10-desktop • CWE-316: Cleartext Storage of Sensitive Information in Memory •
CVE-2023-51772
https://notcve.org/view.php?id=CVE-2023-51772
One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a session timeout, click on the Help icon, observe that there is a browser window for the One Identity website, navigate to any website that offers file upload, navigate to cmd.exe from the file explorer window, and launch cmd.exe as NT AUTHORITY\SYSTEM. One Identity Password Manager anterior a 5.13.1 permite Kiosk Escape. • https://sec-consult.com/vulnerability-lab/advisory/kiosk-escape-privilege-escalation-one-identity-password-manager-secure-password-extension https://www.oneidentity.com/products/password-manager • CWE-613: Insufficient Session Expiration •
CVE-2023-48654 – One Identity Password Manager Kiosk Escape Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-48654
One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: go to the Google ReCAPTCHA section, click on the Privacy link, observe that there is a new browser window, navigate to any website that offers file upload, navigate to cmd.exe from the file explorer window, and launch cmd.exe as NT AUTHORITY\SYSTEM. One Identity Password Manager anterior a 5.13.1 permite Kiosk Escape. • https://sec-consult.com/vulnerability-lab/advisory/kiosk-escape-privilege-escalation-one-identity-password-manager-secure-password-extension https://www.oneidentity.com/products/password-manager •
CVE-2023-4003 – One Identity Password Manager version 5.9.7.1 - Unauthenticated physical access privilege escalation
https://notcve.org/view.php?id=CVE-2023-4003
One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges. One Identity Password Manager versión 5.9.7.1: un atacante no autenticado con acceso físico a una estación de trabajo puede actualizar los privilegios a SISTEMA mediante un método no especificado. CWE-250: Ejecución con privilegios innecesarios. • https://www.gov.il/en/Departments/faq/cve_advisories • CWE-250: Execution with Unnecessary Privileges •
CVE-2022-28394
https://notcve.org/view.php?id=CVE-2022-28394
EOL Product CVE - Installer of Trend Micro Password Manager (Consumer) versions 3.7.0.1223 and below provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Please note that this was reported on an EOL version of the product, and users are advised to upgrade to the latest supported version (5.x). CVE de producto EOL - El instalador de Trend Micro Password Manager (Consumer) versiones 3.7.0.1223 y posteriores proporcionado por Trend Micro Incorporated contiene un problema con la ruta de búsqueda de DLL, que puede provocar la carga insegura de bibliotecas de enlace dinámico CWE-427). Tenga en cuenta que este problema se ha detectado en una versión EOL del producto, por lo que se recomienda a los usuarios que actualicen a la última versión compatible (5.x). • https://helpcenter.trendmicro.com/ja-jp/article/TMKA-10977 https://jvn.jp/en/jp/JVN60037444 https://jvn.jp/jp/JVN60037444 • CWE-427: Uncontrolled Search Path Element •