VYPR

Password Manager

by One Identity

CVEs (5)

  • CVE-2023-48654CriDec 25, 2023
    risk 0.64cvss 9.8epss 0.01

    One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape…

  • CVE-2023-51772HigDec 25, 2023
    risk 0.57cvss 8.8epss 0.01

    One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape…

  • CVE-2025-27582HigJul 14, 2025
    risk 0.49cvss 7.6epss 0.00

    The Secure Password extension in One Identity Password Manager before 5.14.4 allows local privilege escalation. The issue arises from a flawed security hardening mechanism within the kiosk browser used to display the Password Self-Service site to end users. Specifically, the…

  • CVE-2023-4003HigSep 27, 2023
    risk 0.49cvss 7.6epss 0.00

    One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges.

  • CVE-2020-7962MedNov 13, 2020
    risk 0.35cvss 5.3epss 0.01

    An issue was discovered in One Identity Password Manager 5.8. An attacker could enumerate valid answers for a user. It is possible for an attacker to detect a valid answer based on the HTTP response content, and reuse this answer later for a password reset on a chosen password.…