| Title | Uniqkey Password Manager 1.14 - Domain Confusion |
|---|
| Description | Uniqkey Password Manager 1.14 contains a vulnerability which fails to recognise the difference between domains and sub-domains. The vulnerability means that passwords saved for example.com will be recommended for usersite.example.com. This could lead to successful phishing campaigns and create a sense of false security.
A proof of concept has been seen with sites.google.com.
Fix:
Update to the current version.
-----------------------------------------------------------------------------------------------------------------------------------------------------
Disclosure:
Vendor contacted: 5th Jan 2019
Issue fixed: 23rd Jan 2019
Bug Bounty paid: 4th Feb 2019
The vendor was very professional and responded well most of the time.
|
|---|
| User | GionathanReale (UID 2768) |
|---|
| Submission | 05/04/2019 08:34 AM (7 years ago) |
|---|
| Moderation | 05/04/2019 01:24 PM (5 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 133069 [Uniqkey Password Manager 1.14 Credentials privilege escalation] |
|---|
| Points | 17 |
|---|
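
The matching behaviour described above, shown as an added example (not Uniqkey's code and not part of the original submission): a loose host comparison that offers a saved credential on any subdomain, next to a same-origin comparison. The function names, the vault entries and the same-origin rule are assumptions made for illustration; the page does not say how the vendor fixed the issue.

```javascript
// Constructed vault entries: each credential remembers the URL it was saved on.
const vault = [
  { savedFor: "https://example.com/login", username: "alice" },
  { savedFor: "https://accounts.example.org/", username: "bob" },
];

// Loose matching (the behaviour the description reports): a credential is
// offered when the page host equals the saved host OR is any subdomain of it.
function suggestLoose(pageUrl, entries) {
  const pageHost = new URL(pageUrl).hostname;
  return entries.filter((e) => {
    const savedHost = new URL(e.savedFor).hostname;
    return pageHost === savedHost || pageHost.endsWith("." + savedHost);
  });
}

// Strict matching (assumed rule): scheme, host and port must be identical,
// so a credential saved on example.com is never offered on a subdomain.
function suggestStrict(pageUrl, entries) {
  const pageOrigin = new URL(pageUrl).origin;
  return entries.filter((e) => new URL(e.savedFor).origin === pageOrigin);
}

// Audit helper: pages where loose matching offers credentials that the
// strict rule would withhold.
function overexposed(pageUrls, entries) {
  return pageUrls.filter(
    (u) => suggestLoose(u, entries).length > suggestStrict(u, entries).length
  );
}

// Constructed test pages.
const pages = [
  "https://example.com/login",            // the site the credential was saved on
  "https://usersite.example.com/login",   // user-controlled subdomain
  "https://example.com.evil.test/login",  // lookalike host, not a subdomain
];

console.log(overexposed(pages, vault));
```

Same-origin matching also withholds credentials on legitimate sibling hosts, so a product that wants cross-subdomain fill needs an explicit per-entry allow list rather than a suffix test.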