Default credentials

2022-03-2113:15:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.5%

JSON

In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Specifically, an authenticated user who has write permissions to a password list in one folder (with the default permission model) can extend his permissions to all other password lists in the same folder.

CPENameOperatorVersion
passwordstateeq9.4 build-9435

CPE	Name	Operator	Version
	passwordstate	eq	9.4 build-9435

References

sysadms.de/2022/03/cve-2022-25570-standard-berechtigungsmodell-im-passwortmanager-passwordstate-ermoeglicht-rechteausweitung/

www.clickstudios.com.au/passwordstate-changelog.aspx