Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes.
References
Configurations
History
21 Nov 2024, 07:53
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/bitwarden/clients - Product | |
References | () https://github.com/bitwarden/clients/blob/8b5a223ad4ca0f89b6c9bcdbddef464d1755d2c0/apps/desktop/desktop_native/src/biometric/windows.rs#L19 - Product | |
References | () https://github.com/bitwarden/clients/blob/8b5a223ad4ca0f89b6c9bcdbddef464d1755d2c0/apps/desktop/desktop_native/src/password/windows.rs#L16 - Product | |
References | () https://hackerone.com/reports/1874155 - Exploit, Issue Tracking, Third Party Advisory |
15 Aug 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes. |
16 Jun 2023, 18:24
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:bitwarden:bitwarden:*:*:*:*:desktop:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.1 |
CWE | CWE-312 | |
First Time |
Bitwarden
Bitwarden bitwarden |
|
References | (MISC) https://github.com/bitwarden/clients - Product | |
References | (MISC) https://github.com/bitwarden/clients/blob/8b5a223ad4ca0f89b6c9bcdbddef464d1755d2c0/apps/desktop/desktop_native/src/biometric/windows.rs#L19 - Product | |
References | (MISC) https://hackerone.com/reports/1874155 - Exploit, Issue Tracking, Third Party Advisory | |
References | (MISC) https://github.com/bitwarden/clients/blob/8b5a223ad4ca0f89b6c9bcdbddef464d1755d2c0/apps/desktop/desktop_native/src/password/windows.rs#L16 - Product |
09 Jun 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-09 19:15
Updated : 2024-11-21 07:53
NVD link : CVE-2023-27706
Mitre link : CVE-2023-27706
CVE.ORG link : CVE-2023-27706
JSON object : View
Products Affected
bitwarden
- bitwarden
CWE
CWE-312
Cleartext Storage of Sensitive Information