Vulnerability identifier: #VU59571
Vulnerability risk: Low
CVSSv3.1: 4.2 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID:
CWE-ID:
CWE-311
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
PASSWORD MANAGER "MIRUPASS" PW10
Hardware solutions /
Firmware
PASSWORD MANAGER "MIRUPASS" PW20
Hardware solutions /
Firmware
Vendor: KING JIM
Description
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to an inappropriate encryption algorithm. An attacker with physical access can obtain the stored passwords.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
PASSWORD MANAGER "MIRUPASS" PW10: All versions
PASSWORD MANAGER "MIRUPASS" PW20: All versions
External links
http://jvn.jp/en/jp/JVN19826500/index.html
http://www.kingjim.co.jp/download/security/#mirupass
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.