Kaspersky Fixes Security Issue in Password Manager Allowing Credentials Recovery
CVE-2023-23349

2.2LOW

Key Information:

Vendor: Kaspersky
Status: Kaspersky Password Manager For Windows
Vendor: CVE Published:; 22 March 2024

What is CVE-2023-23349?

A security issue has been identified in Kaspersky Password Manager for Windows that permits a local user to retrieve auto-filled credentials through a memory dump while the KPM extension for Google Chrome is active. To exploit this vulnerability, an attacker can entice a user into interacting with a malicious login form that auto-fills saved credentials from Kaspersky Password Manager. Following this, the attacker must deploy a malware component to extract the specified credentials, which may lead to unauthorized access and compromise of sensitive user information.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Kaspersky Password Manager for Windows * < 24.0.0.427

References

https://support.kaspersky.com/vulnerability/list-of-advis...

vendor-advisory

CVSS V3.1

Score:

2.2

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 22, 2024
Vulnerability Reserved
Jan 11, 2023

Credit

Efstratios Chatzoglou

Zisis Tsiatsikas

Vyron Kampourakis

JSON

Kaspersky