CVE Vulnerabilities

CVE-2019-10845

Published: Apr 08, 2019 | Modified: Aug 24, 2020
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

An issue was discovered in Uniqkey Password Manager 1.14. When entering new credentials to a site that isnt registered within this product, a pop-up window will appear asking the user if they want to save these new credentials. The code of the pop-up window can be read and, to some extent, manipulated by remote servers. This pop-up window will stay on any page the user visits within the browser until a decision is made. A malicious web server can forcefully manipulate the pop-up and cause it not to appear, stopping users from securing their credentials. This vulnerability is related to id=uniqkey-password-popup and password-popup/popup.html, but is a different vulnerability than CVE-2019-10676.

Affected Software

Name Vendor Start Version End Version
Password_manager Uniqkey 1.14 (including) 1.14 (including)

References