PT-2023-31890 · Google+2 · Chromium+2

Armin Weihbold +2 · Published 2023-12-24 · Updated 2024-09-09 · CVE-2023-51772

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

One Identity Password Manager versions prior to 5.13.1

Description

The issue allows a Kiosk Escape. It affects the product's functionality for resetting Active Directory passwords on the login screen of a Windows client, which launches a Chromium-based browser in Kiosk mode. The escape sequence involves waiting for a session timeout, clicking on the Help icon, navigating to a website that offers file upload, accessing cmd.exe from the file explorer window, and launching cmd.exe as NT AUTHORITY\SYSTEM.

Recommendations

For versions prior to 5.13.1, update to version 5.13.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Help icon and file upload functionality in the Kiosk mode browser to minimize the risk of exploitation.

Fix

Weakness Enumeration

Insufficient Session Expiration

Related Identifiers

CVE-2023-51772

Affected Products

Chromium
One Identity Password Manager
Windows