CVE-2024-24272

Published Mar 21, 2024

Last updated 9 months ago

CVSS high 7.1

Overview

Description: An issue in iTop DualSafe Password Manager & Digital Vault before 1.4.24 allows a local attacker to obtain sensitive information via leaked credentials as plaintext in a log file that can be accessed by the local user without knowledge of the master secret.
Source: cve@mitre.org
NVD status: Analyzed
Products: dualsafe_password_manager

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.1
Impact score: 5.2
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Severity: HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-532

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:itopvpn:dualsafe_password_manager:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "8C299234-0F50-43F6-B46A-4C493BB1D180",
            "versionEndExcluding": "1.4.24",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

A vulnerability classified as critical has been found in IObit DualSafe Password Manager 1.4.0.3. This affects an unknown part in the library RTL120.BPL of the component BPL Handler. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The identifier VDB-273249 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.•CVE-2024-7326

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References