How severe is CVE-2023-36266?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2023-36266?

This is classified as CWE-522, which is a common weakness in software security.

CVE-2023-36266 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

An issue was discovered in Keeper Password Manager for Desktop version 16.10.2, and the KeeperFill Browser Extensions version 16.5.4, allows local attackers to gain sensitive information via plaintext password storage in memory after the user is already logged in, and may persist after logout. NOTE: the vendor disputes this for two reasons: the information is inherently available during a logged-in session when the attacker can read from arbitrary memory locations, and information only remains available after logout because of memory-management limitations of web browsers (not because the Keeper technology itself is retaining the information).

Related Vulnerabilities

CVE-2010-4178

MEDIUM

CVSS:5.5(Medium)

MySQL-GUI-tools (mysql-administrator) leaks passwords into process list after with launch of mysql text console

CWE-5222010

CVE-2012-5527

MEDIUM

CVSS:5.5(Medium)

Claws Mail vCalendar plugin: credentials exposed on interface

CWE-5222012

CVE-2013-4423

MEDIUM

CVSS:5.5(Medium)

CloudForms stores user passwords in recoverable format

CWE-5222013

CVE-2014-0241

MEDIUM

CVSS:5.5(Medium)

rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable

CWE-5222014

CVE-2014-1423

MEDIUM

CVSS:5.5(Medium)

signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying oath tokens due to incorrect checks and the missing installation of the sig...

CWE-5222014

CVE-2014-4659

MEDIUM

CVSS:5.5(Medium)

Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "de...

CWE-5222014