PT-2024-28698 · Newpass · Newpass

Published: 2024-06-29 · Updated: 2024-11-25 · CVE-2024-39846

CVSS v3.1: 3.5 (Low)

Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: NewPass versions prior to 1.2.0

Description: The issue allows unauthorized access to sensitive information because passwords are stored directly rather than as password hashes. Although data at rest is encrypted, it is decrypted within process memory during use, making it easier to obtain unauthorized access.

Recommendations: For versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information until the update can be applied.

Fix

Weakness Enumeration: Cleartext Storage of Sensitive Information

Related Identifiers: CVE-2024-39846

Affected Products: Newpass