Click Studios, the developer of Passwordstate, has urged organizations using the enterprise-grade password manager to promptly upgrade to the latest version to address a high-severity authentication bypass vulnerability, according to BleepingComputer.
Attackers could exploit the flaw by supplying a crafted URL on the core Passwordstate Products' Emergency Access page, bypassing authentication and then gaining access to the Passwordstate Administration section, said Click Studios.
"The only partial work around for this is to set the Emergency Access Allowed IP Address for your webserver under System Settings->Allowed IP Ranges. This is a short term partial fix and Click Studios strongly recommends that all customers upgrade to Passwordstate Build 9972 as soon as possible," the firm added.
The advisory comes four years after Click Studios noted that Passwordstate's update mechanism had been compromised to deploy the Moserpass information-stealing malware as part of a supply chain intrusion.
Identity, Vulnerability Management, Patch/Configuration Management

Immediate remediation of severe Passwordstate flaw recommended




