CVE-2024-9203: Enpass Password Manager sensitive information in memory
First published: Thu Sep 26 2024(Updated: )
A vulnerability, which was classified as problematic, has been found in Enpass Password Manager up to 6.9.5 on Windows. This issue affects some unknown processing. The manipulation leads to cleartext storage of sensitive information in memory. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 6.10.1 is able to address this issue. It is recommended to upgrade the affected component.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Enpass | <=6.9.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-9203?
CVE-2024-9203 is classified as a problematic vulnerability.
How do I fix CVE-2024-9203?
To fix CVE-2024-9203, update Enpass Password Manager to a version later than 6.9.5.
What does CVE-2024-9203 affect?
CVE-2024-9203 affects the Enpass Password Manager up to version 6.9.5 on Windows.
What kind of data is exposed in CVE-2024-9203?
CVE-2024-9203 leads to the cleartext storage of sensitive information in memory.
Is CVE-2024-9203 exploitable remotely?
CVE-2024-9203 requires local access for exploitation.
- agent/weakness
- agent/references
- agent/title
- agent/first-publish-date
- agent/description
- agent/type
- agent/author
- agent/severity
- agent/event
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- agent/trending
- agent/epss
- collector/epss-latest
- source/FIRST
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/enpass
- canonical/enpass