| Title | Uniqkey Password Manager 1.14 - Domain Confusion |
|---|
| Description | Uniqkey Password Manager 1.14 contains a vulnerability which fails to recognise the difference between domains and sub-domains. The vulnerability means that passwords saved for example.com will be recommended for usersite.example.com. This could lead to successful phishing campaigns and create a sense of false security.
A proof of concept has been seen with sites.google.com
Fix:
Update to the current version.
-----------------------------------------------------------------------------------------------------------------------------------------------------
Disclosure:
Vendor contacted: 5th Jan 2019
Issue fixed : 23rd Jan 2019
Bug Bounty paid: 4th Feb 2019
The vendor was very professional and responded well most of the time.
|
|---|
| User | GionathanReale (UID 2768) |
|---|
| Submission | 04/05/2019 08:34 (7 years ago) |
|---|
| Moderation | 04/05/2019 13:24 (5 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 133069 [Uniqkey Password Manager 1.14 Credentials credentials management] |
|---|
| Points | 17 |
|---|