| Titel | Uniqkey Password Manager 1.14 - Domain Confusion |
|---|
| Beschreibung | Uniqkey Password Manager 1.14 contains a vulnerability which fails to recognise the difference between domains and sub-domains. The vulnerability means that passwords saved for example.com will be recommended for usersite.example.com. This could lead to successful phishing campaigns and create a sense of false security.
A proof of concept has been seen with sites.google.com
Fix:
Update to the current version.
-----------------------------------------------------------------------------------------------------------------------------------------------------
Disclosure:
Vendor contacted: 5th Jan 2019
Issue fixed : 23rd Jan 2019
Bug Bounty paid: 4th Feb 2019
The vendor was very professional and responded well most of the time.
|
|---|
| Benutzer | GionathanReale (UID 2768) |
|---|
| Einreichung | 05.04.2019 08:34 (vor 7 Jahren) |
|---|
| Moderieren | 05.04.2019 13:24 (5 hours later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 133069 [Uniqkey Password Manager 1.14 Credentials erweiterte Rechte] |
|---|
| Punkte | 17 |
|---|