Description
An issue was discovered in Passbolt Browser Extension before 4.6.2. It can send multiple requests to HaveIBeenPwned while a password is being typed, which results in an information leak. This allows an attacker capable of observing Passbolt's HTTPS queries to the Pwned Password API to more easily brute force passwords that are manually typed by the user.
INFO
Published Date :
2024-04-26T00:00:00.000Z
Last Modified :
2024-08-02T02:36:04.567Z
Source :
mitre
AFFECTED PRODUCTS
The following products are affected by CVE-2024-33669 vulnerability.
| Vendors | Products |
|---|---|
| Passbolt |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2024-33669.
CVSS Vulnerability Scoring System
Detailed values of each vector for above chart.
Attack Complexity
Attack Vector
Availability Impact
Confidentiality Impact
Integrity Impact
Privileges Required
Scope
User Interaction