
Password theft bug chain patched in Passwordstate credential manager

Vulnerabilities in enterprise password manager Passwordstate that could be combined to exfiltrate stored credentials have been patched.

Developed by Australian vendor Click Studios, Passwordstate is an on-premise suite comprising role-based administration and access control, sensitive information sharing, AES data encryption, and browser extension capabilities. The software has approximately 29,000 users.

Passwordstate was subject to scrutiny by Swiss security consultancy modzero AG following a customer request to check the password manager’s security.

Modzero researchers Constantin Muller, Jan Benninger, and Pascal Zenker duly conducted an audit of Passwordstate and found a range of security issues, as documented in the team’s disclosure report (PDF).

They included CVE-2022-3875, a high severity API authentication bypass (CVSS 7.3); CVE-2022-3876 (CVSS 4.3), where UpdatePassword file manipulation leads to authorization bypass; and CVE-2022-3877 (CVSS 3.5), a cross-site scripting (XSS) flaw in the user interface.

Researchers also found another XSS, the use of hard-coded credentials for APIs, insufficient protection for password lists, and potential exposure of passwords in the browser extension.

Attack chain

A potential attack chain would look like this: forge an API token using a valid username, add malicious password entries with XSS payloads in public and private password lists, wait until an administrator unwittingly opens a password entry, secure a reverse shell, and then pull and dump passwords stored in the Passwordstate instance.

“Successful exploitation allows an unauthenticated attacker to exfiltrate passwords from an instance, overwrite all stored passwords within the database, or elevate their privileges within the application,” the researchers say.

“The individual vulnerabilities can be chained to gain a shell on the Passwordstate host system and dump all stored passwords in cleartext – starting with nothing more than a valid username!”

According to modzero, Click Studios was “responsive” throughout the disclosure process and quick to triage and patch the researchers’ findings, resulting in Passwordstate version 9.6 (9653).

“Password safety and therefore password management solutions are the foundation on which an organization’s security infrastructure is built,” modzero commented. “The uncovered findings show the incredible importance of ongoing security audits for critical assets and red teaming engagements within organizations.”

The Daily Swig has reached out to Click Studios and we will update if and when we hear back.


Source: https://portswigger.net/daily-swig/password-theft-bug-chain-patched-in-passwordstate-credential-manager
