Passphrase information leakage

Summary

  • CVE: N/A.
  • Product affected: Passbolt Extension.
  • Version affected: v1.6.6 and below.
  • Version fixed: v1.6.7.
  • Affected component: Web extension private key passphrase entered before key generation.
  • Vulnerability Type: Information leakage.

Impact of issue

Attack vector / exploitation

Credits

Other information

How did this happen?

How bad is this?

What are you doing about it?

Event timeline

  • 2017-10-13 04:40:00 CET: Juan Wajnerman notifies the passbolt team about the issue.
  • 2017-10-13 08:00:00 CET: Passbolt team starts working on an impact assessment.
  • 2017-10-13 08:50:00 CET: Passbolt team notifies Juan and starts working on a fix.
  • 2017-10-13 10:40:00 CET: v.1.6.7 is being tested on continuous integration servers.
  • 2017-10-13 12:00:00 CET: v.1.6.7 submitted to the Chrome Web Store and Firefox Add-ons.
  • 2017-10-13 12:00:00 CET: This incident report is published.

Current status:

Last updated: 2017-10-13 12:00:00 CET
Passbolt Security Incident Report: vulnerability - October 13th, 2017