Skip to main content

Password Manager CVE-2019-10676

MEDIUM
Improper Privilege Management (CWE-269)
2019-04-08 cve@mitre.org
6.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Apr 08, 2019 - 17:29 nvd
MEDIUM 6.5

DescriptionNVD

An issue was discovered in Uniqkey Password Manager 1.14. Upon entering new credentials to a site that is not registered within this product, a pop-up window will appear prompting the user if they want to save this new password. This pop-up window will persist on any page the user enters within the browser until a decision is made. The code of the pop-up window can be read by remote servers and contains the login credentials and URL in cleartext. A malicious server could easily grab this information from the pop-up. This is related to id="uniqkey-password-popup" and password-popup/popup.html.

AnalysisAI

An issue was discovered in Uniqkey Password Manager 1.14. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Improper Privilege Management (CWE-269), which allows attackers to escalate privileges to gain unauthorized elevated access. An issue was discovered in Uniqkey Password Manager 1.14. Upon entering new credentials to a site that is not registered within this product, a pop-up window will appear prompting the user if they want to save this new password. This pop-up window will persist on any page the user enters within the browser until a decision is made. The code of the pop-up window can be read by remote servers and contains the login credentials and URL in cleartext. A malicious server could easily grab this information from the pop-up. This is related to id="uniqkey-password-popup" and password-popup/popup.html. Affected products include: Uniqkey Password Manager.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply principle of least privilege, validate privilege transitions, implement proper role separation.

CVE-2016-3987 CRITICAL POC
9.8 Apr 12

The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url para

CVE-2019-14684 HIGH POC
7.8 Aug 20

A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker

CVE-2023-48654 CRITICAL
9.8 Dec 25

One Identity Password Manager before 5.13.1 allows Kiosk Escape. Rated critical severity (CVSS 9.8), this vulnerability

CVE-2024-26362 HIGH
8.8 Apr 10

HTML injection vulnerability in Enpass Password Manager Desktop Client 6.9.2 for Windows and Linux allows attackers to r

CVE-2023-51772 HIGH
8.8 Dec 25

One Identity Password Manager before 5.13.1 allows Kiosk Escape. Rated high severity (CVSS 8.8), this vulnerability is r

CVE-2021-32462 HIGH
8.8 Jul 08

Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Exposed Hazardous Function Remo

CVE-2019-10884 HIGH
8.8 Apr 05

Uniqkey Password Manager 1.14 contains a vulnerability because it fails to recognize the difference between domains and

CVE-2025-52837 HIGH
7.8 Jul 10

Trend Micro Password Manager (Consumer) versions 5.8.0.1327 and below contains a privilege escalation vulnerability expl

CVE-2022-28394 HIGH
7.8 May 27

EOL Product CVE - Installer of Trend Micro Password Manager (Consumer) versions 3.7.0.1223 and below provided by Trend M

CVE-2022-30523 HIGH
7.8 May 16

Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Privilege Escalat

CVE-2022-26337 HIGH
7.8 Mar 08

Trend Micro Password Manager (Consumer) installer version 5.0.0.1262 and below is vulnerable to an Uncontrolled Search P

CVE-2021-35052 HIGH
7.8 Nov 23

A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to Hi

Share

CVE-2019-10676 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy