lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 5 Apr 2019 10:16:54 +0200 (CEST)
From: <>
To: Fulldisclosure <>
Subject: [FD] Uniqkey Password Manager 1.14 - Remote Denial Of Service

An issue was discovered in Uniqkey Password Manager 1.14.
When entering new credentials to a site that isn't registered within
this product, a pop-up window will appear asking the user if
they want to save these new credentials. The code of the pop-up window
can be read and, to some extent, manipulated by remote servers. This
pop-up window will stay on any page the user visits within the browser
until a decision is made. A malicious web server can forcefully
manipulate the pop-up and cause it not to appear, stopping users from
securing their credentials. This vulnerability is related to
id="uniqkey-password-popup" and password-popup/popup.html, but is a
different vulnerability than CVE-2019-10676.

Vendor informed: 5th Jan 2019

Discovered by Gionathan Reale

Sent through the Full Disclosure mailing list
Web Archives & RSS:

Powered by blists - more mailing lists