Information disclosure in Keeper Password Manager

Published: 2017-12-18 15:34:42
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
CVSSv2: 7 (AV:N/AC:L/Au:N/C:C/I:N/A:N/E:POC/RL:U/RC:C)
CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C]
CVE ID: N/A
CWE ID: CWE-200
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available.
Vulnerable software: Keeper Password Manager
Vulnerable software versions: Keeper Password Manager 11.0
Vendor URL: Keeper Security
Advisory type: Public

Security Advisory

1) Information disclosure

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an error in Keeper Password Manager. A remote attacker can compromise Keeper security and steal any password.

Remediation

Update to version 11.4.

External links

https://bugs.chromium.org/p/project-zero/issues/detail?id=1481&desc=3
