Missing Encryption of Sensitive Data in PASSWORD MANAGER "MIRUPASS" PW10 / PW20



Published: 2022-01-13
Risk Low
Patch available NO
Number of vulnerabilities 1
CVE-ID CVE-2022-0183
CWE-ID CWE-311
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe
PASSWORD MANAGER "MIRUPASS" PW10
Hardware solutions / Firmware

PASSWORD MANAGER "MIRUPASS" PW20
Hardware solutions / Firmware

Vendor KING JIM

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Missing Encryption of Sensitive Data

EUVDB-ID: #VU59571

Risk: Low

CVSSv3.1: 4.2 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2022-0183

CWE-ID: CWE-311 - Missing Encryption of Sensitive Data

Exploit availability: No

Description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to an inappropriate encryption algorithm. An attacker with physical access can obtain the stored passwords.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

PASSWORD MANAGER "MIRUPASS" PW10: All versions

PASSWORD MANAGER "MIRUPASS" PW20: All versions

External links

http://jvn.jp/en/jp/JVN19826500/index.html
http://www.kingjim.co.jp/download/security/#mirupass


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###