CVE-2023-27706
7.1HIGHBitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes.
Publicado: 6/9/2023Atualizado: 1/6/2025
Descrição
Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes.
Análise IADesenvolvido por IA
Produtos Afetados
bitwardenbitwarden
Referências
- https://github.com/bitwarden/clientsProduct
- https://github.com/bitwarden/clients/blob/8b5a223ad4ca0f89b6c9bcdbddef464d1755d2c0/apps/desktop/desktop_native/src/biometric/windows.rs#L19Product
- https://github.com/bitwarden/clients/blob/8b5a223ad4ca0f89b6c9bcdbddef464d1755d2c0/apps/desktop/desktop_native/src/password/windows.rs#L16Product
- https://hackerone.com/reports/1874155ExploitIssue TrackingThird Party Advisory
- https://github.com/bitwarden/clientsProduct
- https://github.com/bitwarden/clients/blob/8b5a223ad4ca0f89b6c9bcdbddef464d1755d2c0/apps/desktop/desktop_native/src/biometric/windows.rs#L19Product
- https://github.com/bitwarden/clients/blob/8b5a223ad4ca0f89b6c9bcdbddef464d1755d2c0/apps/desktop/desktop_native/src/password/windows.rs#L16Product
- https://hackerone.com/reports/1874155ExploitIssue TrackingThird Party Advisory