CVE-2019-1000001
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role assignment and can lead to shared password leakage.
TeamPass, en versiones 2.1.27 y anteriores, contiene una vulnerabilidad de almacenamiento de contraseñas en formato recuperable en los almacenes de contraseñas compartidos que puede resultar en que todas las contraseñas se pueden recuperar del lado del servidor. Este ataque parece ser explotable mediante una vulnerabilidad que puede omitir la autenticación o la asignación de roles y puede conducir al filtrado de las contraseñas compartidas.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-01-03 CVE Reserved
- 2019-02-04 CVE Published
- 2023-12-27 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-522: Insufficiently Protected Credentials
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://github.com/nilsteampassnet/TeamPass/issues/2495 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Teampass Search vendor "Teampass" | Teampass Search vendor "Teampass" for product "Teampass" | <= 2.1.27.0 Search vendor "Teampass" for product "Teampass" and version " <= 2.1.27.0" | - |
Affected
| ||||||