CVE-2023-27706
7.1HIGHBitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes.
Опубликовано: 6/9/2023Обновлено: 1/6/2025
Описание
Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes.
ИИ-АнализНа базе ИИ
Затронутые продукты
bitwardenbitwarden
Ссылки
- https://github.com/bitwarden/clientsProduct
- https://github.com/bitwarden/clients/blob/8b5a223ad4ca0f89b6c9bcdbddef464d1755d2c0/apps/desktop/desktop_native/src/biometric/windows.rs#L19Product
- https://github.com/bitwarden/clients/blob/8b5a223ad4ca0f89b6c9bcdbddef464d1755d2c0/apps/desktop/desktop_native/src/password/windows.rs#L16Product
- https://hackerone.com/reports/1874155ExploitIssue TrackingThird Party Advisory
- https://github.com/bitwarden/clientsProduct
- https://github.com/bitwarden/clients/blob/8b5a223ad4ca0f89b6c9bcdbddef464d1755d2c0/apps/desktop/desktop_native/src/biometric/windows.rs#L19Product
- https://github.com/bitwarden/clients/blob/8b5a223ad4ca0f89b6c9bcdbddef464d1755d2c0/apps/desktop/desktop_native/src/password/windows.rs#L16Product
- https://hackerone.com/reports/1874155ExploitIssue TrackingThird Party Advisory