Vulnerabilities > CVE-2020-10256 - Unspecified vulnerability in 1Password Command Line Interface and Scim

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

1password

critical

NVD

Published: 2020-10-27

Updated: 2024-03-25

Summary

An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was used to generate various keys. An attacker with access to the user's encrypted data may be able to perform brute-force calculations of encryption keys and thus succeed at decryption.

Vulnerable Configurations

Part	Description	Count
Application	1Password 1Password Scim - 1Password Command Line Interface - 1Password Command Line Interface 0.0.1 1Password Command Line Interface 0.0.2 1Password Command Line Interface 0.0.3 1Password Command Line Interface 0.0.4 1Password Command Line Interface 0.0.5 1Password Command Line Interface 0.1 1Password Command Line Interface 0.1.1 1Password Command Line Interface 0.2 1Password Command Line Interface 0.2.1 1Password Command Line Interface 0.3 1Password Command Line Interface 0.4 1Password Command Line Interface 0.4.1 1Password Command Line Interface 0.5 1Password Command Line Interface 0.5.1 1Password Command Line Interface 0.5.2 1Password Command Line Interface 0.5.3 1Password Command Line Interface 0.5.4	19

Summary

Vulnerable Configurations

References