CVE-2019-1000001

Опубликовано: 04 фев. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 5

EPSS Низкий

Описание

TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role assignment and can lead to shared password leakage.

Ссылки

https://github.com/nilsteampassnet/TeamPass/issues/2495
Third Party Advisory
https://github.com/nilsteampassnet/TeamPass/issues/2495
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*

Версия до 2.1.27.0 (включая)

EPSS

Процентиль: 56%

0.00338

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-522

Связанные уязвимости

CVE-2019-1000001

CVSS3: 9.8

debian

около 7 лет назад

TeamPass version 2.1.27 and earlier contains a Storing Passwords in a ...

GHSA-q9qr-h33g-fw3j

CVSS3: 9.8

github

больше 3 лет назад

TeamPass Storing Passwords in a Recoverable Format vulnerability

EPSS

Процентиль: 56%

0.00338

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-522