CVE-2023-27706
7.1 HIGH
Published: 6/9/2023
Updated: 1/6/2025
Description
Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes.
Affected Products
bitwarden bitwarden
References
- https://github.com/bitwarden/clients (Product)
- https://github.com/bitwarden/clients/blob/8b5a223ad4ca0f89b6c9bcdbddef464d1755d2c0/apps/desktop/desktop_native/src/biometric/windows.rs#L19 (Product)
- https://github.com/bitwarden/clients/blob/8b5a223ad4ca0f89b6c9bcdbddef464d1755d2c0/apps/desktop/desktop_native/src/password/windows.rs#L16 (Product)
- https://hackerone.com/reports/1874155 (Exploit, Issue Tracking, Third Party Advisory)