Executive Summary

CVE-2025-70050 is a vulnerability in lesspass version 9.6.9 related to CWE-312, which is the cleartext storage of sensitive information.

This means that the application stores sensitive data in an unencrypted, cleartext format. As a result, if an attacker gains access to the storage medium where this data is kept, they can obtain confidential information without needing to bypass encryption.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Impact Analysis

The vulnerability can lead to unauthorized access and exposure of sensitive information stored by the lesspass application.

If an attacker compromises the storage location, they can retrieve confidential data easily because it is not encrypted.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves the cleartext storage of sensitive information in lesspass version 9.6.9. Detection would focus on identifying unencrypted sensitive data stored by this specific version of the software.

Since the vulnerability is related to stored data rather than network traffic, detection commands would involve inspecting files or storage locations used by lesspass for sensitive data in cleartext.

Specific commands are not provided in the available resources.

Useful 0 Not Useful 0

Mitigation Strategies

The vulnerability is due to cleartext storage of sensitive information in lesspass version 9.6.9.

Immediate mitigation steps would include:

• Avoid using lesspass version 9.6.9 until a fixed version is released.
• Remove or securely delete any sensitive data stored by this version of lesspass.
• Monitor for updates or patches from the lesspass project and apply them promptly.

Useful 0 Not Useful 0