CyberSec.Space Logo
返回 CVE 浏览器

CVE-2019-1000001

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1550%
EPSS Percentile41.45th
Published2019年2月4日
Last Modified2024年11月21日

Vulnerability Description

TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role assignment and can lead to shared password leakage.

Affected Platforms (CPE)

📦
Teampass

Teampass

<= 2.1.27.0

References & Advisories

🔗 https://github.com/nilsteampassnet/TeamPass/issues/2495
🔗 https://github.com/nilsteampassnet/TeamPass/issues/2495

相关漏洞威胁

CVE-2015-75649.8

Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via...

CVE-2017-94369.8

TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php.

CVE-2015-75638.8

Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authenticatio...

CVE-2020-124798.8

TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request w...