Kaspersky has fixed a security issue in Kaspersky Password Manager (KPM) for Windows that allowed a local user to recover the auto-filled credentials from a memory dump when the KPM extension for Google Chrome is used. To exploit the issue, an attacker must trick a user into visiting a login form of a website with the saved credentials, and the KPM extension must autofill these credentials. The attacker must then launch a malware module to steal those specific credentials.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Kaspersky

Published: 2024-03-22T16:15:55.200Z

Updated: 2024-08-02T10:28:40.854Z

Reserved: 2023-01-11T20:11:14.512Z

Link: CVE-2023-23349

cve-icon Vulnrichment

Updated: 2024-08-02T10:28:40.854Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-03-22T17:15:07.537

Modified: 2024-03-22T19:02:10.300

Link: CVE-2023-23349

cve-icon Redhat

No data.