Storing Passwords in a Recoverable Format Vulnerability in TeamPass by nilsteampassnet
CVE-2019-1000001

9.8CRITICAL

Key Information:

Vendor: Teampass
Status: Teampass
Vendor: CVE Published:; 4 February 2019

What is CVE-2019-1000001?

TeamPass versions prior to 2.1.28 are impacted by a vulnerability where passwords in shared vaults are stored in a recoverable format. This flaw allows attackers to potentially recover all shared passwords server-side if they manage to exploit any existing vulnerabilities that bypass authentication or proper role assignments. Organizations are advised to upgrade to the latest version to mitigate this security risk.

References

https://github.com/nilsteampassnet/TeamPass/issues/2495

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 4, 2019
Vulnerability Reserved
Jan 3, 2019

CVE-2019-1000001 Data

JSON

Teampass

What is CVE-2019-1000001?

References

CVSS V3.1

Timeline