#VU59571 Missing Encryption of Sensitive Data in PASSWORD MANAGER "MIRUPASS" PW10 and PASSWORD MANAGER "MIRUPASS" PW20


Published: 2022-01-13

Vulnerability identifier: #VU59571

Vulnerability risk: Low

CVSSv3.1: 4.2 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2022-0183

CWE-ID: CWE-311

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
PASSWORD MANAGER "MIRUPASS" PW10
Hardware solutions / Firmware
PASSWORD MANAGER "MIRUPASS" PW20
Hardware solutions / Firmware

Vendor: KING JIM

Description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to an inappropriate encryption algorithm. An attacker with physical access can obtain the stored passwords.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

PASSWORD MANAGER "MIRUPASS" PW10: All versions

PASSWORD MANAGER "MIRUPASS" PW20: All versions

External links
http://jvn.jp/en/jp/JVN19826500/index.html
http://www.kingjim.co.jp/download/security/#mirupass

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Missing Encryption of Sensitive Data in PASSWORD MANAGER "MIRUPASS" PW10 / PW20