Command Line Interface
CVE-2020-10256
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was used to generate various keys. An attacker with access to the user's encrypted data may be able to perform brute-force calculations of encryption keys and thus succeed at decryption.
AnalysisAI
An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was used to generate various keys. An attacker with access to the user's encrypted data may be able to perform brute-force calculations of encryption keys and thus succeed at decryption. Affected products include: 1Password Command Line Interface, 1Password Scim. Version information: prior to 0.5.5.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Command Line Interface
View allIn Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appw
Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. Ra
Docker CLI is the command line interface for the docker container runtime. Rated high severity (CVSS 7.5), this vulnerab
Local privilege escalation in Docker CLI for Windows (through version 29.1.5) lets a low-privileged user plant malicious
An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to cre
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today