Описание
An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973).If the user of the system has assigned himself a PIN code for entering from a mobile device using the built-in generator (4 digits), a remote attacker has the opportunity to conduct a brute force attack on this PIN code. As result, remote attacker retrieves all passwords from another systems, available for affected account.
Ссылки
- Third Party Advisory
- ProductVendor Advisory
- Third Party Advisory
- ProductVendor Advisory
Уязвимые конфигурации
EPSS
6.8 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
Связанные уязвимости
An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973).If the user of the system has assigned himself a PIN code for entering from a mobile device using the built-in generator (4 digits), a remote attacker has the opportunity to conduct a brute force attack on this PIN code. As result, remote attacker retrieves all passwords from another systems, available for affected account.
EPSS
6.8 Medium
CVSS3
2.1 Low
CVSS2