Uniqkey Password Manager 1.14 Credentials credentials management

A vulnerability has been found in Uniqkey Password Manager 1.14 and classified as problematic. Affected by this vulnerability is some unknown processing. Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Field04/05/2019 01:24 PM05/26/2020 10:16 AM
vendorUniqkeyUniqkey
namePassword ManagerPassword Manager
version1.141.14
vendorinformdate15466464001546646400
cwe255 (credentials management)255 (credentials management)
risk11
cvss2_vuldb_basescore4.34.3
cvss2_vuldb_tempscore3.03.0
cvss2_vuldb_avNN
cvss2_vuldb_acMM
cvss2_vuldb_auNN
cvss2_vuldb_ciPP
cvss2_vuldb_iiNN
cvss2_vuldb_aiNN
cvss2_nvd_avNN
cvss2_nvd_acMM
cvss2_nvd_auNN
cvss2_nvd_ciPP
cvss2_nvd_iiNN
cvss2_nvd_aiNN
cvss3_meta_basescore6.56.5
cvss3_meta_tempscore5.45.4
cvss3_vuldb_basescore4.34.3
cvss3_vuldb_tempscore3.63.6
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prNN
cvss3_vuldb_uiRR
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iNN
cvss3_vuldb_aNN
cvss3_nvd_avNN
cvss3_nvd_acLL
cvss3_nvd_prNN
cvss3_nvd_uiRR
cvss3_nvd_sUU
cvss3_nvd_cHH
cvss3_nvd_iHH
cvss3_nvd_aHH
titlewordCredentialsCredentials
advisoryquoteUniqkey Password Manager 1.14 contains a vulnerability which fails to recognise the difference between domains and sub-domains. The vulnerability means that passwords saved for example.com will be recommended for usersite.example.com. This could lead to successful phishing campaigns and create a sense of false security.Uniqkey Password Manager 1.14 contains a vulnerability which fails to recognise the difference between domains and sub-domains. The vulnerability means that passwords saved for example.com will be recommended for usersite.example.com. This could lead to successful phishing campaigns and create a sense of false security.
date1548201600 (01/23/2019)1548201600 (01/23/2019)
person_nameGionathan RealeGionathan Reale
availability11
date1548201600 (01/23/2019)1548201600 (01/23/2019)
publicity11
developer_nameGionathan RealeGionathan Reale
price_0day$0-$5k$0-$5k
nameUpgradeUpgrade
date1548201600 (01/23/2019)1548201600 (01/23/2019)
cveCVE-2019-10884CVE-2019-10884
cvss2_vuldb_ePOCPOC
cvss2_vuldb_rlOFOF
cvss2_vuldb_rcUCUC
cvss3_vuldb_ePP
cvss3_vuldb_rlOO
cvss3_vuldb_rcUU
reaction_days1818
0day_days1818
cvss3_nvd_basescore8.88.8
discoverydate1554422400
cve_assigned1554422400 (04/05/2019)

Do you know our Splunk app?

Download it now for free!