One Identity Password Manager Kiosk Escape Privilege Escalation (CVE-2023-48654)

Key Information Title: Kiosk Escape Privilege Escalation Product: One Identity Password Manager Secure Password Extension Vulnerable Version: <5.13.1 Fixed Version: 5.13.1 CVE Number: CVE-2023-48654 Impact: Critical Vendor Homepage: https://www.oneidentity.com/products/ Found Date: 09.10.2023 Authors: Stefan Schweighofer, Constantin Schieber-Knöbl (Office Vienna), Armin Weihbold (Office Linz) --- Vulnerability Overview Description: The Password Manager Extension from One Identity can be exploited to perform kiosk escapes on the lock screen of a Windows client, enabling an attacker to execute commands with SYSTEM privileges. Types of Vulnerability: 1. Password Manager Kiosk Escape with Google ReCAPTCHA (CVE-2023-48654) 2. Password Manager Kiosk Escape after Session Timeout Proof of Concept: An attacker can leverage a locked machine with the extension installed to launch a kiosk mode browser and bypass its restrictions using external links and browser features. Vulnerable/Tested Versions: 5.13 (all previous versions assumed affected) --- Solution & Workaround Vendor Solution: Patch version 5.13.1 is available for download from the vendor's support site. Workaround: None provided. --- Vendor Contact Timeline Timeline of communication with the vendor from initial report to patch release. Final security advisory released on 2023-12-06. --- Advisory URL: https://sec-consult.com/vulnerability-lab/

Goal Reached Thanks to every supporter — we hit 100%!

One Identity Password Manager Kiosk Escape Privilege Escalation (CVE-2023-48654)