Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-10676 | 1 Uniqkey | 1 Password Manager | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Uniqkey Password Manager 1.14. Upon entering new credentials to a site that is not registered within this product, a pop-up window will appear prompting the user if they want to save this new password. This pop-up window will persist on any page the user enters within the browser until a decision is made. The code of the pop-up window can be read by remote servers and contains the login credentials and URL in cleartext. A malicious server could easily grab this information from the pop-up. This is related to id="uniqkey-password-popup" and password-popup/popup.html. | |||||
CVE-2019-10884 | 1 Uniqkey | 1 Password Manager | 2020-08-24 | 4.3 MEDIUM | 8.8 HIGH |
Uniqkey Password Manager 1.14 contains a vulnerability because it fails to recognize the difference between domains and sub-domains. The vulnerability means that passwords saved for example.com will be recommended for usersite.example.com. This could lead to successful phishing campaigns and create a sense of false security. | |||||
CVE-2019-10845 | 1 Uniqkey | 1 Password Manager | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Uniqkey Password Manager 1.14. When entering new credentials to a site that isn't registered within this product, a pop-up window will appear asking the user if they want to save these new credentials. The code of the pop-up window can be read and, to some extent, manipulated by remote servers. This pop-up window will stay on any page the user visits within the browser until a decision is made. A malicious web server can forcefully manipulate the pop-up and cause it not to appear, stopping users from securing their credentials. This vulnerability is related to id="uniqkey-password-popup" and password-popup/popup.html, but is a different vulnerability than CVE-2019-10676. |