漏洞标题
N/A
漏洞描述信息
在 Uniqkey Password Manager 1.14 中发现了一个问题。在输入新的登录凭据到未在此产品注册的网站时,会弹出一个窗口提示用户是否要保存这个新密码。这个弹出窗口将在浏览器中输入的页面上持续存在,直到做出决定。弹出窗口的代码可以被远程服务器读取,其中包含用户名和URL的纯文本信息。恶意服务器可以轻松地从弹出窗口中获取这些信息。这与 id="uniqkey-password-popup" 和 password-popup/popup.html. 有关。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
An issue was discovered in Uniqkey Password Manager 1.14. Upon entering new credentials to a site that is not registered within this product, a pop-up window will appear prompting the user if they want to save this new password. This pop-up window will persist on any page the user enters within the browser until a decision is made. The code of the pop-up window can be read by remote servers and contains the login credentials and URL in cleartext. A malicious server could easily grab this information from the pop-up. This is related to id="uniqkey-password-popup" and password-popup/popup.html.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Uniqkey Password Manager 信息泄露漏洞
漏洞描述信息
Uniqkey Password Manager是一款密码管理器。 Uniqkey Password Manager 1.14版本中存在信息泄露漏洞。该漏洞源于网络系统或产品在运行过程中存在配置等错误。未授权的攻击者可利用漏洞获取受影响组件敏感信息。
CVSS信息
N/A
漏洞类别
信息泄露