Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Kaspersky has fixed a security issue in Kaspersky Password Manager (KPM) for Windows that allowed a local user to recover the auto-filled credentials from a memory dump when the KPM extension for Google Chrome is used. To exploit the issue, an attacker must trick a user into visiting a login form of a website with the saved credentials, and the KPM extension must autofill these credentials. The attacker must then launch a malware module to steal those specific credentials.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
Vulnerability Type
在内存中的明文存储
Vulnerability Title
Kaspersky Password Manager 安全漏洞
Vulnerability Description
Kaspersky Password Manager是俄罗斯卡巴斯基(Kaspersky)实验室的一个应用软件。提供一个管理密码功能。 Kaspersky Password Manager 24.0.0.427之前版本存在安全漏洞,该漏洞源于允许在使用 Google Chrome 的 KPM 扩展程序时从内存转储自动填充的凭据,攻击者利用该漏洞可以窃取这些特定的凭据。
CVSS Information
N/A
Vulnerability Type
N/A