CVE-2023-23349

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-23349
Kaspersky has fixed a security issue in Kaspersky Password Manager (KPM) for Windows that allowed a local user to recover the auto-filled credentials from a memory dump when the KPM extension for Google Chrome is used. To exploit the issue, an attacker must trick a user into visiting a login form of a website with the saved credentials, and the KPM extension must autofill these credentials. The attacker must then launch a malware module to steal those specific credentials.

2.2 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://support.kaspersky.com/vulnerability/list-of-advisories/12430#180324
https://support.kaspersky.com/vulnerability/list-of-advisories/12430#180324
Configurations

No configuration.

History

21 Nov 2024, 07:46

Type Values Removed Values Added
Summary
  • (es) Kaspersky solucionó un problema de seguridad en Kaspersky Password Manager (KPM) para Windows que permitía a un usuario local recuperar las credenciales autocompletadas de un volcado de memoria cuando se usaba la extensión KPM para Google Chrome. Para explotar el problema, un atacante debe engañar a un usuario para que visite un formulario de inicio de sesión de un sitio web con las credenciales guardadas, y la extensión KPM debe completar automáticamente estas credenciales. Luego, el atacante debe iniciar un módulo de malware para robar esas credenciales específicas.
References () https://support.kaspersky.com/vulnerability/list-of-advisories/12430#180324 - () https://support.kaspersky.com/vulnerability/list-of-advisories/12430#180324 -

22 Mar 2024, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-03-22 17:15

Updated : 2024-11-21 07:46

NVD link : CVE-2023-23349

Mitre link : CVE-2023-23349

CVE.ORG link : CVE-2023-23349

JSON object : View

Products Affected

No product.

CWE
CWE-316

Cleartext Storage of Sensitive Information in Memory


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024