CVE-2019-10676

{"id": "CVE-2019-10676", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2019-04-08T17:29:00.497", "references": [{"url": "https://cxsecurity.com/issue/WLB-2019040055", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://packetstormsecurity.com/files/152410/Uniqkey-Password-Manager-1.14-Credential-Disclosure.html", "tags": ["VDB Entry", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://seclists.org/fulldisclosure/2019/Apr/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://vuldb.com/?id.132740", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Uniqkey Password Manager 1.14. Upon entering new credentials to a site that is not registered within this product, a pop-up window will appear prompting the user if they want to save this new password. This pop-up window will persist on any page the user enters within the browser until a decision is made. The code of the pop-up window can be read by remote servers and contains the login credentials and URL in cleartext. A malicious server could easily grab this information from the pop-up. This is related to id=\"uniqkey-password-popup\" and password-popup/popup.html."}, {"lang": "es", "value": "Se ha detectado un problema en Uniqkey Password Manager versi\u00f3n 1.14. Al introducir nuevas credenciales a un sitio que no est\u00e1 registrado dentro de este producto, aparecer\u00e1 una ventana emergente que le solicitar\u00e1 al usuario si desea guardar esta nueva contrase\u00f1a. Esta ventana emergente persistir\u00e1 en cualquier p\u00e1gina que el usuario ingresa dentro del navegador hasta que una decisi\u00f3n se haya tomado. El c\u00f3digo de la ventana emergente se puede leer por los servidores remotos y contiene las credenciales de inicio de sesi\u00f3n y la direcci\u00f3n URL en texto sin cifrar. Un servidor malicioso podr\u00eda f\u00e1cilmente tomar esta informaci\u00f3n de la ventana emergente. Esto est\u00e1 relacionado con id=\"uniqkey-password-popup\" y password-popup/popup.html."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:uniqkey:password_manager:1.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37A0462E-58EB-41FA-8FBA-C8B2C1872530"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}