
Digital Event Horizon

High-Severity Vulnerability in Passwordstate Credential Manager Requires Immediate Patch


Click Studios has issued an update to fix two vulnerabilities, including an authentication bypass that could allow hackers to gain administrative access to vaults.

  • Passwordstate, a widely used enterprise-grade password manager, has been hit by a high-severity vulnerability.
  • The vulnerability allows hackers to gain administrative access to vaults and potentially exploit sensitive credentials.
  • Click Studios is urging customers to update to version 9.9 build 9972 as soon as possible to patch the issue.
  • This is the fourth time Passwordstate has suffered a security breach since its release, highlighting the importance of continuous monitoring and patching.
  • Organizations using Passwordstate should ensure they have up-to-date security measures in place to prevent unauthorized access to their credentials.



    Passwordstate, a widely used enterprise-grade password manager for storing companies' most privileged credentials, has recently been hit by a high-severity vulnerability that hackers can exploit to gain administrative access to their vaults. The maker of the product, Click Studios, is urging its customers to update to version 9.9 build 9972 as soon as possible.

    According to Click Studios, the authentication bypass vulnerability allows hackers to create a URL that accesses an emergency access page for Passwordstate. From there, an attacker could pivot to the administrative section of the password manager, potentially leading to unauthorized access and exploitation of sensitive credentials.

    The severity level of this vulnerability is high, making it essential for organizations that use Passwordstate to patch their systems as soon as possible. Click Studios has released a new update that addresses two issues: it fixes the vulnerability associated with accessing the core Passwordstate Products' Emergency Access page, and it strengthens security against potential clickjacking attacks on the browser extension when users visit compromised websites.

    It's worth noting that this vulnerability comes four years after Click Studios suffered a network breach that allowed attackers to compromise the Passwordstate update mechanism. The hackers then used their control to push a new version of the credential manager that contained malware, which was difficult to detect due to its memory-only design.

    In the aftermath of the breach, some affected customers "may have had their Passwordstate password records harvested" and others were being targeted in phishing attacks. Click Studios advised customers who had installed the malicious update to reset all passwords stored in their managers but failed to provide further updates about the breach, much to the dismay of many users.

    The fact that this vulnerability has been discovered four years after a previous breach highlights the importance of continuous monitoring and patching of software systems. Organizations that use Passwordstate should ensure that they have up-to-date security measures in place to prevent unauthorized access to their most privileged credentials.





  • Published: Thu Aug 28 15:12:47 2025 by llama3.2 3B Q4_K_M










