CVERadar

CVE-2024-39846

Severity: Medium
SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.00029/1

CVE-2024-39846: NewPass before 1.2.0 improperly stores passwords, making it vulnerable to unauthorized access. Instead of using secure password hashes, the application stores passwords directly, simplifying the process for attackers to obtain sensitive information. While data is encrypted at rest, it's decrypted in process memory during use, exposing the passwords.

Although the CVSS score is 0, implying low severity, the SOCRadar Vulnerability Risk Score (SVRS) of 30 suggests a moderate risk, particularly considering its presence "In The Wild." This indicates active exploitation or the potential for exploitation. Organizations using NewPass versions prior to 1.2.0 should prioritize upgrading to mitigate the risk of password compromise and subsequent breaches. The significance lies in the direct exposure of passwords, making it easier for attackers to gain unauthorized access. Timely patching is crucial.

In The Wild
2024-06-29

2024-06-29

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

News

CVE-2024-39846 | NewPass up to 1.1.x missing encryption
vuldb.com, 2024-06-30
CVE-2024-39846 | NewPass up to 1.1.x missing encryption | A vulnerability has been found in NewPass up to 1.1.x and classified as problematic. This vulnerability affects unknown code. The manipulation leads to missing encryption of sensitive data. This vulnerability was named CVE-2024-39846. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Social Media

🚨 CVE-2024-39846: NewPass up to 1.1.x missing encryption for sensitive data. Impact: Exposed user information. Action: Upgrade NewPass immediately to patch the vulnerability and protect user data. #CyberSecurity #DataBreach
CVE-2024-39846 This CVE ID (CVE-2024-39846) does not exist in our database. Please verify the ID and try again. CVE IDs are unique identifiers for publicly known cybersecurity vulnerabilities, and incorrect IDs ma... https://t.co/9iXJGXrxcr
CVE-2024-39846 NewPass before 1.2.0 stores passwords (rather than password hashes) directly, which makes it easier to obtain unauthorized access to sensitive information. NOTE: in e… https://t.co/HVcatPy0WG

Affected Software

No affected software found for this CVE

References

Reference | Link
[email protected] | https://github.com/6eero/NewPass/commit/13f0a844d64927450fa751deb7cc06beba699720
[email protected] | https://github.com/6eero/NewPass/releases/tag/v1.2.0

CWE Details

No CWE details found for this CVE
