PT-2020-16798 · Click Studios · Passwordstate
Dmitry Kuramin
·
Published
2020-10-29
·
Updated
2021-07-21
·
CVE-2020-27747
CVSS v3.1
6.8
Medium
| Vector | AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Click Studios Passwordstate version 8.9 (Build 8973)
Description
A security issue allows a remote attacker to perform a brute force attack on a 4-digit PIN code generated by the built-in generator for mobile device access. This could result in the attacker gaining access to all passwords available for the affected account.
Recommendations
For Click Studios Passwordstate version 8.9 (Build 8973), consider temporarily disabling the PIN code feature for mobile device access until a patch is available. Restrict access to sensitive password data to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Restriction of Excessive Authentication Attempts
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Passwordstate