CyberSec.Space Logo
Back to CVE Browser

CVE-2019-1000001

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1550%
EPSS Percentile41.45th
PublishedFeb 4, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role assignment and can lead to shared password leakage.

Affected Platforms (CPE)

📦
Teampass

Teampass

<= 2.1.27.0

References & Advisories

🔗 https://github.com/nilsteampassnet/TeamPass/issues/2495
🔗 https://github.com/nilsteampassnet/TeamPass/issues/2495

Related Vulnerabilities

CVE-2015-75649.8

Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via...

CVE-2017-94369.8

TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php.

CVE-2015-75638.8

Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authenticatio...

CVE-2020-124798.8

TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request w...