CVE-2024-39846
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-39846
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-39846.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-39846
- Published
- 2024-06-29T21:15:09Z
- Modified
- 2025-10-17T07:25:54.953131Z
- Severity
-
- 3.5 (Low) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
NewPass before 1.2.0 stores passwords (rather than password hashes) directly, which makes it easier to obtain unauthorized access to sensitive information. NOTE: in each case, data at rest is encrypted, but is decrypted within process memory during use.
- References
Affected packages
Git / github.com/6eero/newpass
Affected ranges
- Type
- GIT
- Repo
- https://github.com/6eero/newpass
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
v.*
v.1.1.5
v1.*
v1.0.0
v1.1.0
v1.1.1
v1.1.10
v1.1.2
v1.1.3
v1.1.4
v1.1.6
v1.1.7
v1.1.8
v1.1.9
Database specific
vanir_signatures
[
{
"id": "CVE-2024-39846-0cd3b115",
"target": {
"file": "app/src/main/java/com/gero/newpass/view/activities/LoginActivity.java"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"132229337887815065856227273830457668728",
"17151883512358137046462535688897835623",
"289117615773041765479522415286840472347",
"250915306001770762165565683291190777877",
"296342352386063629303546487951113429088",
"339719551376655750402215628033799849993",
"72579781656984476817151793317766329902",
"89011785020648711671980589120223641824",
"22269106884187958201544110557317861164",
"247789483686116378433439328042407288631",
"13178718116290079307999949552517751852",
"56163405887195968070037531925837252200",
"126629710956304530211606447021770393782",
"185000755837964503743904067372020389849",
"329586636320656191453833818737479123775",
"132997048435102247554729354544066200078",
"304141159309479020608386676805873610779",
"294131843559486596983850529374941802834",
"116590619568419455525789748673301017795",
"118194026958897193031475099007386480259",
"71661179111686935415572363779748708687",
"47029693029033295115922212417074059661",
"229091174952368091367673548749940910391"
]
},
"signature_type": "Line",
"source": "https://github.com/6eero/newpass/commit/13f0a844d64927450fa751deb7cc06beba699720"
},
{
"id": "CVE-2024-39846-2442bf7d",
"target": {
"file": "app/src/main/java/com/gero/newpass/viewmodel/LoginViewModel.java"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"111376424034665128735850916253479674283",
"276971237721654397595544672220941707838",
"233503304053525306952323697254538073444",
"175745559041751265150206311524047359814",
"73208199448301527029459989704879509207",
"141437077779487457985065992618684811813",
"34060294516782953427623042318113129885",
"317322633062901502557741829394183273873",
"16190961001666518732665872265747622930",
"241613398039012201232776503929381043487",
"280162935488038461885247290123795144163",
"252992610837661763024369004613673558435",
"268143136973426179113408158674546121257",
"17953863010315582496922639268921441700",
"334476094814724249108067920385955751472",
"6454753101262110726784973748128539731",
"296012212542219762276308491112105479276",
"144326052863564074185424651279413373538"
]
},
"signature_type": "Line",
"source": "https://github.com/6eero/newpass/commit/13f0a844d64927450fa751deb7cc06beba699720"
},
{
"id": "CVE-2024-39846-4e2d5065",
"target": {
"file": "app/src/main/java/com/gero/newpass/viewmodel/LoginViewModel.java",
"function": "createUser"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "127394075954944404709278222221608419657",
"length": 517.0
},
"signature_type": "Function",
"source": "https://github.com/6eero/newpass/commit/13f0a844d64927450fa751deb7cc06beba699720"
},
{
"id": "CVE-2024-39846-4f7f6781",
"target": {
"file": "app/src/main/java/com/gero/newpass/view/activities/LoginActivity.java",
"function": "loginWithPassword"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "129197270343008822997803079992745795122",
"length": 517.0
},
"signature_type": "Function",
"source": "https://github.com/6eero/newpass/commit/13f0a844d64927450fa751deb7cc06beba699720"
},
{
"id": "CVE-2024-39846-582ee1cf",
"target": {
"file": "app/src/main/java/com/gero/newpass/view/activities/LoginActivity.java",
"function": "registerUser"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "309390461381615369521833506487008938118",
"length": 321.0
},
"signature_type": "Function",
"source": "https://github.com/6eero/newpass/commit/13f0a844d64927450fa751deb7cc06beba699720"
},
{
"id": "CVE-2024-39846-dcd308c3",
"target": {
"file": "app/src/main/java/com/gero/newpass/viewmodel/LoginViewModel.java",
"function": "loginUserWithPassword"
},
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "124411811890504184429047939920313117799",
"length": 426.0
},
"signature_type": "Function",
"source": "https://github.com/6eero/newpass/commit/13f0a844d64927450fa751deb7cc06beba699720"
}
]