PT-2022-24550 · Click Studios · Passwordstate Browser Extension Chrome

Constantin Müller

Published: 2022-12-19 · Updated: 2025-08-31 · CVE-2022-3875

CVSS v3.1: 7.3
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Click Studios Passwordstate versions prior to 9.6 build 9653
Click Studios Passwordstate Browser Extension Chrome versions prior to 9.6 build 9653

Description

A critical vulnerability was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome, affecting the API component. Manipulation of this component leads to an authentication bypass by assumed-immutable data, and the attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Researchers discovered seven types of vulnerabilities, including problems related to authentication and authorization bypass, incorrect password protection, hardcoded credentials, and an XSS vulnerability. The vulnerability may allow an unauthenticated attacker to extract user passwords. Given the product's wide adoption, including by Fortune 500 companies, Passwordstate is a frequent target for hackers.

Recommendations

For Click Studios Passwordstate versions prior to 9.6 build 9653, upgrade to version 9.6 build 9653 or later to resolve the issue.
For Click Studios Passwordstate Browser Extension Chrome versions prior to 9.6 build 9653, upgrade to version 9.6 build 9653 or later to resolve the issue.
As a temporary workaround, consider restricting access to the API component until a patch is available. Avoid using the Passwordstate Browser Extension Chrome until the issue is resolved.

Exploit

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2022-3875

Affected Products

Click Studios Passwordstate
Passwordstate Browser Extension Chrome