CVE-2022-32969

Medium

MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because an input field is used for a BIP39…

mitre·CWE-281·Published 2022-06-29

CVSS

5.9

EPSS

0.01

KEV

Exploits

cve.orgen

264 chars

MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in order to support the Restore Session feature, aka the Demonic issue.

NVDen

264 chars

NVDes

343 chars

MetaMask versiones anteriores a 10.11.3, podría permitir a un atacante acceder a la frase secreta de recuperación de un usuario porque es usado un campo de entrada para un mnemónico BIP39, y Firefox y Chromium guardan dichos campos en el disco con el fin de soportar la funcionalidad Restore Session, también se conoce como el problema Demonic

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N
3.1	Primary	NVD	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N