#VU59571 Missing Encryption of Sensitive Data in PASSWORD MANAGER "MIRUPASS" PW10 and PASSWORD MANAGER "MIRUPASS" PW20 - CVE-2022-0183
Published: January 13, 2022
Vulnerability identifier: #VU59571
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-0183
CWE-ID: CWE-311
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
PASSWORD MANAGER "MIRUPASS" PW10
PASSWORD MANAGER "MIRUPASS" PW20
PASSWORD MANAGER "MIRUPASS" PW10
PASSWORD MANAGER "MIRUPASS" PW20
Software vendor:
KING JIM
KING JIM
Description
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to an inappropriate encryption algorithm. An attacker with physical access can obtain the stored passwords.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.