Ethical Hacking News
Click Studios has issued an urgent warning to its users regarding a high-severity authentication bypass vulnerability in their Passwordstate password manager, urging them to patch their systems with the latest update as soon as possible. The vulnerability poses significant risks to user credentials and requires immediate attention from IT professionals worldwide.
Click Studios has issued an urgent warning about a high-severity authentication bypass vulnerability in their Passwordstate password manager.The vulnerability allows attackers to bypass authentication and gain unauthorized access to user credentials, posing a significant risk to security and integrity.Users of the Passwordstate password manager are advised to patch their systems with the latest update as soon as possible.The company has not publicly disclosed additional details about the vulnerability but provided a workaround in emails sent to customers.This is not an isolated incident for Click Studios, as they previously notified customers about a supply chain attack that compromised their update mechanism four years ago.
Click Studios, a leading provider of enterprise-grade password management solutions, has issued an urgent warning to its users regarding a high-severity authentication bypass vulnerability in their Passwordstate password manager. This critical security flaw, which was discovered recently, poses a significant risk to the security and integrity of user credentials, making it essential for users to patch their systems with the latest update as soon as possible.
The Passwordstate password manager is widely used by over 370,000 IT professionals working at 29,000 companies worldwide, including government agencies, financial institutions, global enterprises, and Fortune 500 companies across various industry sectors. The company's flagship product has been instrumental in helping organizations to store, organize, and control access to sensitive credentials via a centralized web interface.
According to the latest announcement from Click Studios, a high-severity security flaw exists in the core Passwordstate Products' Emergency Access page, which allows attackers to bypass authentication and gain unauthorized access to the Passwordstate Administration section. This vulnerability has no CVE ID assigned and is considered to be of utmost severity by the company.
While Click Studios has not publicly disclosed additional details about this vulnerability, they have provided a workaround for users who are unable to upgrade immediately in emails sent to customers. The workaround involves setting the Emergency Access Allowed IP Address for the webserver under System Settings->Allowed IP Ranges. However, Click Studios strongly recommends that all customers upgrade to Passwordstate Build 9972 as soon as possible, considering this temporary fix only a partial solution.
It is worth noting that this vulnerability is not an isolated incident for Click Studios. Four years ago, the company notified its customers about a supply chain attack that had compromised the password manager's update mechanism, resulting in the delivery of information-stealing malware known as Moserpass to an undisclosed number of users. As a result, some infected customers may have had their Passwordstate password records harvested, while others were targeted in phishing attacks with updated Moserpass malware.
In light of this latest vulnerability, Click Studios has urged its users to prioritize patching their systems with the latest update to ensure the security and integrity of their sensitive credentials. Users are advised to upgrade to Passwordstate 9.9 Build 9972 as soon as possible to avoid potential data breaches and other security-related issues.
The recent discovery of this high-severity authentication bypass vulnerability serves as a stark reminder of the importance of regular security updates, patching, and monitoring in today's digital landscape. As more companies continue to rely on password managers like Passwordstate for secure credential storage, it is essential that they prioritize their cybersecurity posture by staying up-to-date with the latest security patches and best practices.
In conclusion, Click Studios has sounded the alarm regarding a high-severity authentication bypass vulnerability in their Passwordstate password manager, urging users to patch their systems immediately. With the potential consequences of this vulnerability being severe, it is crucial that users take proactive measures to ensure the security and integrity of their sensitive credentials.
Related Information:
https://www.ethicalhackingnews.com/articles/Passwordstate-Dev-Urges-Users-to-Patch-Auth-Bypass-Vulnerability-Immediately-ehn.shtml
https://www.bleepingcomputer.com/news/security/passwordstate-dev-urges-users-to-patch-auth-bypass-vulnerability-as-soon-as-possible/
https://www.newsdirectory3.com/passwordstate-vulnerability-critical-patch-now-available/
https://redteamnews.com/red-team/cve/passwordstate-authentication-bypass-a-history-of-high-severity-flaws-and-hardening/
Published: Thu Aug 28 16:39:38 2025 by llama3.2 3B Q4_K_M
