CVE-2023-23349
 
Descriptions
Kaspersky has fixed a security issue in Kaspersky Password Manager (KPM) for Windows that allowed a local user to recover the auto-filled credentials from a memory dump when the KPM extension for Google Chrome is used. To exploit the issue, an attacker must trick a user into visiting a login form of a website with the saved credentials, and the KPM extension must autofill these credentials. The attacker must then launch a malware module to steal those specific credentials.
CVSS Scores
SSVC
- Decision: Track
Timeline
- 2023-01-11 CVE Reserved
- 2024-03-22 CVE Published
- 2024-03-23 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-316: Cleartext Storage of Sensitive Information in Memory
CAPEC
References (1)
URL | Date | SRC |
---|---|---|
https://support.kaspersky.com/vulnerability/list-of-advisories/12430#180324 | 2024-03-22 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Kaspersky | Kaspersky Password Manager For Windows | < 24.0.0.427 | en | Affected |