CVE-2019-19696 — Insufficiently Protected Credentials in Password Manager

CWE-522 — Insufficiently Protected Credentials CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 67.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trendmicro Password Manager Trend Micro Password Manager

Timeline

PublishedJan 18

Latest updateMay 24

Description

A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishing sites.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDtrendmicro/password_manager5.0 — 5.0.0.1076+1

▶CVEListV5trend_micro/trend_micro_password_manager5.0.0.1076 and below (Windows) and 5.0.1047 and below (Mac)

🔴Vulnerability Details

GHSA

GHSA-9jm6-6j35-x89g: A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost↗2022-05-24

▶

CVEList

CVE-2019-19696: A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost↗2020-01-17

▶