PT-2023-21302 · Bitwarden · Bitwarden Windows Desktop Application

Mebeim · Published 2023-06-09 · Updated 2025-01-06 · CVE-2023-27706

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions

Bitwarden Windows desktop application versions prior to v2023.4.0

Description

The issue concerns the storage of biometric keys in the Windows Credential Manager by the Bitwarden Windows desktop application, making them accessible to other local unprivileged processes. This highlights challenges in secure password management.

Recommendations

For versions prior to v2023.4.0, update to version v2023.4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Windows Credential Manager to minimize the risk of exploitation.

Exploit

Fix

Cleartext Storage of Sensitive Information


Weakness Enumeration

Related identifiers

CVE-2023-27706

Affected products

Bitwarden Windows Desktop Application