Click Studios, the company behind the Passwordstate enterprise-grade password manager, has warned customers to patch a high-severity authentication bypass vulnerability as soon as possible.
Passwordstate serves as a secure password vault that enables organizations to access, organize and control passwords, API keys, certificates and various other types of credentials through a centralized web interface.
Click Studios states that its Passwordstate password manager is used by more than 370,000 IT professionals working at 29,000 companies worldwide, including government agencies, financial institutions, global enterprises and Fortune 500 companies.
In a new announcement on the company’s official platform, Click Studios urged users to upgrade “as soon as possible” to Passwordstate 9.9 Build 9972, which was released today with two security updates.
One of them is a high-severity security flaw (with no CVE ID) that allows attackers to bypass authentication and gain access to the Passwordstate administration section by using a carefully crafted URL against the Emergency Access page of the core Passwordstate product.
Although the company has not yet publicly shared additional details about this vulnerability, Click Studios has provided a workaround for those who are unable to upgrade immediately in an email sent to customers, which BleepingComputer has seen.
“Click Studios have analyzed the findings, tested and can confirm that the vulnerability exists when a carefully crafted URL is input on the Emergency Access webpage,” the company said.
“The only partial workaround for this is to set the allowed IP address for Emergency Access under System Settings -> Allowed IP Ranges. This is a short-term partial fix, and Click Studios strongly recommends that all customers upgrade to Passwordstate Build 9972 as soon as possible.”
Four years ago, Click Studios also notified customers that attackers had successfully compromised the password manager's update mechanism in April 2021 to distribute information-stealing malware to an unknown number of users.
A few days later, the company confirmed that some of the infected customers could have had “their Passwordstate password records harvested” and that the remaining users were also being targeted in phishing attacks with updated Moserpass malware.
At that time, Click Studios advised customers who were infected during the April 2021 supply chain attack to reset all the passwords stored in their database.