PT-2024-2341 · Google+1 · Google Chrome+1

Efstratios Chatzoglou +2 · Published 2024-03-18 · Updated 2024-03-26 · CVE-2023-23349

CVSS v3.1: 2.2 (Low)

Vector: AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Kaspersky Password Manager versions prior to 24.0.0.427

Description

The issue is related to the recovery of auto-filled credentials from a memory dump when the Kaspersky Password Manager extension for Google Chrome is used. An attacker must trick a user into visiting a login form of a website with saved credentials, and the KPM extension must autofill these credentials. The attacker must then launch a malware module to steal those specific credentials.

Recommendations

For Kaspersky Password Manager versions prior to 24.0.0.427, update to the latest version as soon as possible to resolve the issue. As a temporary workaround, consider disabling the KPM extension for Google Chrome until the update is applied. Restrict access to sensitive information and avoid using the autofill feature in Google Chrome until the issue is resolved.

Fix

Weakness Enumeration

Related Identifiers

BDU:2024-02289
CVE-2023-23349

Affected Products

Google Chrome
Kaspersky Password Manager