CVE-2023-23349 in Password Manager

Summary

by MITRE • 03/22/2024

Kaspersky has fixed a security issue in Kaspersky Password Manager (KPM) for Windows that allowed a local user to recover the auto-filled credentials from a memory dump when the KPM extension for Google Chrome is used. To exploit the issue, an attacker must trick a user into visiting a login form of a website with the saved credentials, and the KPM extension must autofill these credentials. The attacker must then launch a malware module to steal those specific credentials.


Analysis

by VulDB Data Team • 05/04/2024

The vulnerability CVE-2023-23349 represents a critical memory exposure flaw in Kaspersky Password Manager version 10.2.1.0 and earlier, specifically affecting Windows environments where the KPM extension for Google Chrome is installed. This security issue stems from improper memory handling during the credential autofill process, creating a persistent exposure window that allows local attackers to extract sensitive authentication data from memory dumps. The vulnerability manifests when the Chrome extension automatically fills login credentials, leaving residual data in memory that can be accessed through forensic analysis or malware exploitation techniques. This flaw directly impacts the confidentiality and integrity of stored credentials within the password management ecosystem, potentially compromising user accounts across multiple online services.

The technical exploitation of this vulnerability requires a specific attack vector involving social engineering to lure users into visiting websites with saved credentials, followed by the automatic filling process that leaves credential data in memory. The attack scenario demonstrates a classic memory corruption and data recovery pattern where sensitive information is not properly sanitized from memory after use. The flaw operates at the intersection of browser extension security and memory management practices, where the KPM extension fails to implement proper memory clearing mechanisms after credential autofill operations. This vulnerability aligns with CWE-200 (Information Exposure) and CWE-312 (Sensitive Data Exposure) classifications, as it exposes credential data through memory artifacts that should have been securely erased after processing.
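The general pattern described above, a secret left in a working buffer after use, shown beside a version that clears the buffer. This is an added C example, not Kaspersky's code or its fix; the function names, buffer layout and sample secret are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Wipe through a volatile pointer so the stores are not removed as dead code;
 * a plain memset() on a buffer never read again may be optimized away.
 * On Windows, SecureZeroMemory() serves the same purpose. */
static void secure_wipe(void *buf, size_t len) {
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--) *p++ = 0;
}

/* Hypothetical consumer standing in for "place the credential in the form". */
typedef void (*fill_fn)(const char *secret, size_t len);
static size_t g_filled_len;
static void demo_fill(const char *secret, size_t len) { (void)secret; g_filled_len = len; }

/* Weak: the working copy stays in memory after the fill completes. */
static int autofill_weak(char *work, size_t cap, const char *secret, fill_fn fill) {
    size_t n = strlen(secret);
    if (n >= cap) return -1;
    memcpy(work, secret, n + 1);
    fill(work, n);
    return 0;                     /* no wipe: bytes remain in a memory dump */
}

/* Hardened: same flow, but the whole working buffer is cleared after use. */
static int autofill_hardened(char *work, size_t cap, const char *secret, fill_fn fill) {
    size_t n = strlen(secret);
    if (n >= cap) return -1;
    memcpy(work, secret, n + 1);
    fill(work, n);
    secure_wipe(work, cap);
    return 0;
}

/* Number of non-zero bytes still present in a buffer. */
static size_t residual_bytes(const char *buf, size_t cap) {
    size_t count = 0;
    for (size_t i = 0; i < cap; i++) if (buf[i] != 0) count++;
    return count;
}

int main(void) {                  /* "constructed-secret" is a constructed sample */
    char a[64] = {0}, b[64] = {0};
    autofill_weak(a, sizeof a, "constructed-secret", demo_fill);
    autofill_hardened(b, sizeof b, "constructed-secret", demo_fill);
    printf("weak=%zu hardened=%zu\n", residual_bytes(a, sizeof a), residual_bytes(b, sizeof b));
    return 0;
}
```

Every copy of the secret needs the same treatment, including the source it was read from and any copy the consumer makes.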

The operational impact of this vulnerability extends beyond individual user compromise to potentially enable large-scale credential theft across multiple accounts, particularly when users maintain extensive password databases within Kaspersky Password Manager. Attackers can leverage this vulnerability to extract credentials from memory dumps without requiring elevated privileges or complex exploitation techniques, making it particularly dangerous in environments where memory forensics capabilities exist. The attack requires minimal user interaction beyond visiting a targeted website, making it highly effective for automated credential harvesting campaigns. This vulnerability undermines the fundamental security assumptions of password managers, which are designed to protect against such exposure scenarios through proper memory management and data sanitization protocols.

Organizations and users should immediately update to Kaspersky Password Manager version 10.2.1.1 or later to remediate this vulnerability, as the fix addresses the core memory handling issue in the Chrome extension component. System administrators should conduct comprehensive security assessments to identify any potential memory artifacts that may have been created by prior exploitation attempts, implementing memory monitoring and forensic analysis capabilities to detect such activities. The remediation process should include reviewing browser extension permissions and ensuring that only trusted extensions have access to sensitive credential data. Additionally, security teams should implement network monitoring to detect unusual credential access patterns that may indicate exploitation attempts, while maintaining awareness of similar vulnerabilities in other password management solutions that may exhibit comparable memory exposure characteristics.

Responsible

Kaspersky Labs

Reservation

01/11/2023

Disclosure

03/22/2024

Moderation

accepted

CPE

ready

EPSS

0.00093

KEV

no

Activities

very low
