** DISPUTED ** An issue was discovered in Keeper Password Manager for Desktop version 16.10.2, and the KeeperFill Browser Extensions version 16.5.4, allows local attackers to gain sensitive information via plaintext password storage in memory after the user is already logged in, and may persist after logout. NOTE: the vendor disputes this for two reasons: the information is inherently available during a logged-in session when the attacker can read from arbitrary memory locations, and information only remains available after logout because of memory-management limitations of web browsers (not because the Keeper technology itself is retaining the information).
References
Configurations
Configuration 1 (hide)
|
History
31 Jul 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
24 Jul 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
Summary | ** DISPUTED ** An issue was discovered in Keeper Password Manager for Desktop version 16.10.2, and the KeeperFill Browser Extensions version 16.5.4, allows local attackers to gain sensitive information via plaintext password storage in memory after the user is already logged in, and may persist after logout. NOTE: the vendor disputes this for two reasons: the information is inherently available during a logged-in session when the attacker can read from arbitrary memory locations, and information only remains available after logout because of memory-management limitations of web browsers (not because the Keeper technology itself is retaining the information). |
20 Jul 2023, 19:59
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
CPE | cpe:2.3:a:keepersecurity:keeper:16.10.2:*:*:*:*:*:*:* cpe:2.3:a:keepersecurity:keeperfill:16.5.4:*:*:*:*:*:*:* |
|
CWE | CWE-522 | |
References | (MISC) https://harkenzo.tlstickle.com/2023-06-12-Keeper-Password-Dumping/ - Third Party Advisory |
12 Jul 2023, 17:58
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-12 16:15
Updated : 2024-08-02 17:16
NVD link : CVE-2023-36266
Mitre link : CVE-2023-36266
CVE.ORG link : CVE-2023-36266
JSON object : View
Products Affected
keepersecurity
- keeper
- keeperfill
CWE
CWE-522
Insufficiently Protected Credentials