CVE-2024-54124
📋 TL;DR
This vulnerability in Click Studios Passwordstate allows authenticated users to escalate their permissions when editing folders, potentially gaining unauthorized access to sensitive password data. All Passwordstate installations before build 9920 are affected.
💻 Affected Systems
- Click Studios Passwordstate
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An authenticated attacker could gain administrative privileges, access all stored passwords, modify credentials, and potentially pivot to other systems using compromised credentials.
Likely Case
Malicious insiders or compromised accounts could access sensitive passwords they shouldn't have permission to view, leading to credential theft and lateral movement.
If Mitigated
With proper access controls and monitoring, impact would be limited to unauthorized access within the user's existing permission scope.
🎯 Exploit Status
Exploitation requires authenticated access to the Passwordstate web interface and knowledge of the vulnerability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Build 9920 or later
Vendor Advisory: https://www.clickstudios.com.au/security/advisories/
Restart Required: Yes
Instructions:
1. Download Passwordstate build 9920 or later from the Click Studios portal.
2. Back up your Passwordstate database.
3. Run the installer to upgrade.
4. Restart IIS services.
5. Verify that the upgrade completed successfully.
🔧 Temporary Workarounds
Restrict Folder Edit Permissions
Temporarily restrict folder editing permissions to only essential administrators until patching can be completed.
🧯 If You Can't Patch
- Implement strict access controls and monitor all folder permission changes
- Enable detailed logging and alert on any permission escalation attempts
🔍 How to Verify
Check if Vulnerable:
Check the Passwordstate version in the web interface under Help > About. If the build number is less than 9920, the system is vulnerable.
Check Version:
Not applicable; the version is displayed in the web interface only.
Verify Fix Applied:
After upgrading, verify the build number shows 9920 or higher in Help > About, and test that folder permission escalation is no longer possible.
📡 Detection & Monitoring
Log Indicators:
- Unusual folder permission changes
- Multiple failed permission modification attempts
- User accessing folders outside their normal scope
Network Indicators:
- HTTP POST requests to folder edit endpoints with permission parameter modifications
SIEM Query:
source="passwordstate" AND (event="folder_permission_change" OR event="access_denied")
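As an added illustration of the logging and alerting called for above (not part of the original advisory or of Passwordstate itself), the Python below runs three checks over constructed audit lines: a folder permission change made by an account outside the permitted administrator set, a user raising their own permission level on a folder, and an escalation that follows a burst of access_denied events from the same user. The key=value log format, the FOLDER_ADMINS set, the permission levels and the thresholds are all assumptions for the example, not Passwordstate's real log schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit lines in an assumed "timestamp key=value ..." format
# (not Passwordstate's real log format).
SAMPLE_LOG = """\
2024-12-02T09:14:03Z event=access_denied user=jdoe folder=Finance
2024-12-02T09:14:09Z event=access_denied user=jdoe folder=Finance
2024-12-02T09:14:15Z event=access_denied user=jdoe folder=Finance
2024-12-02T09:15:01Z event=folder_permission_change actor=jdoe target=jdoe folder=Finance old=View new=Admin
2024-12-02T10:02:44Z event=folder_permission_change actor=admin1 target=asmith folder=HR old=None new=Modify
2024-12-02T11:30:00Z event=folder_permission_change actor=bking target=cto folder=Finance old=Modify new=Admin
"""

LEVEL = {"None": 0, "View": 1, "Modify": 2, "Admin": 3}  # assumed ordering
FOLDER_ADMINS = {"admin1"}  # accounts allowed to edit folder permissions (constructed)
DENIED_THRESHOLD = 3        # access_denied events before an escalation is suspicious
WINDOW = timedelta(minutes=5)

def parse(log_text):
    """Parse each line into a dict of its key=value fields plus a datetime 'ts'."""
    events = []
    for line in log_text.splitlines():
        ts, _, kv = line.partition(" ")
        ev = dict(pair.split("=", 1) for pair in kv.split())
        ev["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events

def detect(log_text):
    """Return (rule, user, folder) alerts for suspicious folder permission changes."""
    alerts = []
    denied = defaultdict(list)  # user -> timestamps of access_denied events
    for ev in parse(log_text):
        if ev["event"] == "access_denied":
            denied[ev["user"]].append(ev["ts"])
            continue
        if ev["event"] != "folder_permission_change":
            continue
        actor, target, folder = ev["actor"], ev["target"], ev["folder"]
        escalated = LEVEL[ev["new"]] > LEVEL[ev["old"]]
        if actor not in FOLDER_ADMINS:           # edit outside the restricted admin set
            alerts.append(("non_admin_edit", actor, folder))
        if escalated and actor == target:        # user granted themselves more rights
            alerts.append(("self_escalation", actor, folder))
        recent = [t for t in denied[actor] if ev["ts"] - t <= WINDOW]
        if escalated and len(recent) >= DENIED_THRESHOLD:  # probing, then escalation
            alerts.append(("denied_then_escalated", actor, folder))
    return alerts
```

Run against the constructed log, `detect(SAMPLE_LOG)` flags jdoe's self-granted Admin right on Finance under all three rules and bking's non-admin edit, while admin1's routine grant passes cleanly.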