PT-2019-11987 · Uniqkey · Uniqkey Password Manager

Gionathan Reale · Published 2019-04-08 · Updated 2020-08-24 · CVE-2019-10676

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Uniqkey Password Manager version 1.14

Description

A security issue was found where the login credentials and URL are sent in cleartext within a pop-up window. This pop-up appears when a user enters new credentials for a site not registered in the product, and it remains on any page the user visits until a decision is made. The code of this pop-up, identified by id="uniqkey-password-popup" and related to password-popup/popup.html, can be accessed by remote servers, potentially allowing malicious servers to obtain the sensitive information.

Recommendations

For Uniqkey Password Manager version 1.14, consider disabling the password saving feature temporarily until a fix is available to prevent the exposure of login credentials. Restrict access to the password-popup/popup.html module to minimize the risk of exploitation. Avoid using the affected pop-up window, identified by id="uniqkey-password-popup", until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Privilege Management

Weakness Enumeration

Related Identifiers

CVE-2019-10676

Affected Products

Uniqkey Password Manager