Kaspersky has fixed a security issue in Kaspersky Password Manager (KPM) for Windows that allowed a local user to recover the auto-filled credentials from a memory dump when the KPM extension for Google Chrome is used. To exploit the issue, an attacker must trick a user into visiting a login form of a website with the saved credentials, and the KPM extension must autofill these credentials. The attacker must then launch a malware module to steal those specific credentials.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Kaspersky
Published: 2024-03-22T16:15:55.200Z
Updated: 2024-08-02T10:28:40.854Z
Reserved: 2023-01-11T20:11:14.512Z
Link: CVE-2023-23349
Vulnrichment
Updated: 2024-08-02T10:28:40.854Z
NVD
Status : Awaiting Analysis
Published: 2024-03-22T17:15:07.537
Modified: 2024-03-22T19:02:10.300
Link: CVE-2023-23349
Redhat
No data.