Cveclient Encrypt Storage Js
Monthly
Stored API keys in CERT/CC's cveClient encrypt-storage.js are not marked as protected in browser temporary storage, enabling extraction of encryption credentials through JavaScript console access or error messages. Attackers with local access to a user's browser environment can retrieve sensitive API keys without authentication, affecting all versions before 1.1.15.
Stored API keys in CERT/CC's cveClient encrypt-storage.js are not marked as protected in browser temporary storage, enabling extraction of encryption credentials through JavaScript console access or error messages. Attackers with local access to a user's browser environment can retrieve sensitive API keys without authentication, affecting all versions before 1.1.15.