CVE-2023-23349— Kaspersky Password Manager 安全漏洞

N/A

Kaspersky has fixed a security issue in Kaspersky Password Manager (KPM) for Windows that allowed a local user to recover the auto-filled credentials from a memory dump when the KPM extension for Google Chrome is used. To exploit the issue, an attacker must trick a user into visiting a login form of a website with the saved credentials, and the KPM extension must autofill these credentials. The attacker must then launch a malware module to steal those specific credentials.

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

在内存中的明文存储

Kaspersky Password Manager 安全漏洞

Kaspersky Password Manager是俄罗斯卡巴斯基（Kaspersky）实验室的一个应用软件。提供一个管理密码功能。 Kaspersky Password Manager 24.0.0.427之前版本存在安全漏洞，该漏洞源于允许在使用 Google Chrome 的 KPM 扩展程序时从内存转储自动填充的凭据，攻击者利用该漏洞可以窃取这些特定的凭据。

N/A

N/A