Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-41646 PoC — Buttercup 安全漏洞

Source
https://github.com/tristao-io/CVE-2023-41646
Associated Vulnerability
Title:Buttercup 安全漏洞 (CVE-2023-41646)
Description:Buttercup是一个密码管理器。 Buttercup v2.20.3版本存在安全漏洞。攻击者利用该漏洞通过访问文件 /vaults.json/ 来获取密码管理器主密码的哈希值。
Readme
# CVE-2023-41646
## Buttercup v2.20.3 Buttercup Password Mangement

#Title:Buttercup v2.20.3<br>
#Date: 2023-09-01<br>
#Author: Francisco Marinho<br>
#Vendor Homepage: https://buttercup.pw/<br>
#Software link:https://buttercup.pw/<br>
#Version: v2.20.3<br>
#Tested on: Linux<br>
<br>
# =========================POC=========================<br>
<br>

Buttercup v2.20.3 allows attackers to obtain the hash of the master password for the password manager via accessing the file /vaults.json/

##Example
cat ~/local/share/Buttercup-nodejs/vaults.json

<br>
File Snapshot

 [4.0K]  /data/pocs/5fed23d2a34a30c346c9b9fa16e05ad59acc7a96
└── [ 553]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.