[Japanese]

JVNDB-2022-000005

PASSWORD MANAGER "MIRUPASS" PW10 / PW20 missing encryption

Overview

PASSWORD MANAGER "MIRUPASS" PW10 / PW20 provided by KING JIM CO.,LTD. contain a missing encryption vulnerability (CWE-311).

Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 4.6 (Medium) [IPA Score]
  • Attack Vector: physics
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 4.9 (Medium) [IPA Score]
  • Access Vector: Local
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: None
  • Availability Impact: None
Affected Products


KING JIM CO.,LTD.
  • Password Manager "MIRUPASS" PW10 firmware all versions
  • Password Manager "MIRUPASS" PW20 firmware all versions

Impact

A user who can physically access the products may obtain the stored passwords.
Solution

[Stop using the products]
The developer states that the products are no longer supported, therefore stop using the products.
It is highly recommended to erase all stored passwords before disposing the product.
Vendor Information

KING JIM CO.,LTD.
CWE (What is CWE?)

  1. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2022-0183
References

  1. JVN : JVN#19826500
  2. National Vulnerability Database (NVD) : CVE-2022-0183
Revision History

  • [2022/01/13]
      Web page was published