← Volver a CVEs

CVE-2020-10256

CRITICAL

9.8

Descripcion

An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was used to generate various keys. An attacker with access to the user's encrypted data may be able to perform brute-force calculations of encryption keys and thus succeed at decryption.

Detalles CVE

Puntuacion CVSS v3.19.8

SeveridadCRITICAL

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado10/27/2020

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

1password:command_line_interface1password:scim

Referencias

https://support.1password.com/command-line/(cve@mitre.org)

https://support.1password.com/kb/202010/(cve@mitre.org)

https://support.1password.com/scim/(cve@mitre.org)

https://support.1password.com/command-line/(af854a3a-2127-422b-91ae-364da2661108)

https://support.1password.com/kb/202010/(af854a3a-2127-422b-91ae-364da2661108)

https://support.1password.com/scim/(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.