CVE-2020-10256

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was used to generate various keys. An attacker with access to the user's encrypted data may be able to perform brute-force calculations of encryption keys and thus succeed at decryption.

Se detectó un problema en las versiones beta de la herramienta de línea de comandos 1Password versiones anteriores a 0.5.5 y en las versiones beta de 1Password SCIM bridge anteriores a 0.7.3. Se usó un generador de números aleatorios no seguro para generar varias claves. Un atacante con acceso a los datos cifrados del usuario puede ser capaz de llevar a cabo cálculos de fuerza bruta de las claves de cifrado y, por lo tanto, tener éxito en el descifrado

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-03-09 CVE Reserved
2020-10-27 CVE Published
2024-08-04 CVE Updated
2024-08-31 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (3)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://support.1password.com/command-line	2024-03-25
https://support.1password.com/kb/202010	2024-03-25
https://support.1password.com/scim	2024-03-25

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
1password Search vendor "1password"		Command Line Interface Search vendor "1password" for product "Command Line Interface"				< 0.5.5 Search vendor "1password" for product "Command Line Interface" and version " < 0.5.5"		-		Affected
1password Search vendor "1password"		Scim Search vendor "1password" for product "Scim"				< 0.7.3 Search vendor "1password" for product "Scim" and version " < 0.7.3"		-		Affected