CVE-2022-4611

MEDIUM

Click Studios Passwordstate - Hard-Coded Credentials

Title source: llm

Description

A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This affects an unknown part. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-216273 was assigned to this vulnerability.

Exploits (2)

nomisec WORKING POC 2 stars

by Phamchie · poc

https://github.com/Phamchie/CVE-2022-4611

View Code ZIP pw:eip

nomisec WORKING POC

by fgsoftware1 · poc

https://github.com/fgsoftware1/CVE-2022-4611

View Code ZIP pw:eip

References (3)

Core 3

Core References

Third Party Advisory vdb-entry

https://vuldb.com/?id.216273

Third Party Advisory signature permissions-required

https://vuldb.com/?ctiid.216273

Exploit, Third Party Advisory exploit

https://modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html

Scores

CVSS v3 4.3

EPSS 0.0391

EPSS Percentile 88.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-798

Status published

Products (3)

clickstudios/passwordstate 9.5 build_9500 (7 CPE variants)

clickstudios/passwordstate 9.5.8.4

clickstudios/passwordstate < 9.5

Published Dec 19, 2022

Tracked Since Feb 18, 2026