CVE-2019-10845

Name of the Vulnerable Software and Affected Versions Uniqkey Password Manager version 1.14

Description An issue was discovered in Uniqkey Password Manager where the code of a pop-up window can be read and manipulated by remote servers. This pop-up window appears when entering new credentials to an unregistered site, asking the user to save these credentials. The window remains on any page the user visits until a decision is made. A malicious web server can manipulate the pop-up, causing it not to appear and preventing users from securing their credentials. This issue is related to the elements id="uniqkey-password-popup" and password-popup/popup.html.

Recommendations For Uniqkey Password Manager version 1.14, as a temporary workaround, consider disabling the pop-up window related to id="uniqkey-password-popup" and password-popup/popup.html until a patch is available. Restrict access to the password-popup/popup.html module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.