CVE-2023-27706

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Jun 9, 2023

Updated: Jan 6, 2025

CWE ID 312

Summary

CVE-2023-27706 is a vulnerability affecting the Bitwarden Windows desktop application. Versions of the software prior to v2023.4.0 store biometric keys within the Windows Credential Manager. This allows other local unprivileged processes to access these sensitive keys, posing a significant security risk. The vulnerability may lead to unauthorized access to protected systems and data. Users are advised to update to the latest version of Bitwarden to mitigate this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Bitwarden

Affected Vendors

Bitwarden Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rlYqKe
https://www.cve.org/CVERecord?id=CVE-2023-27706
https://nvd.nist.gov/vuln/detail/CVE-2023-27706

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners