CVE-2024-39846

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-39846
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-39846.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-39846
Published
2024-06-29T21:15:09Z
Modified
2025-09-19T15:06:16.113111Z
Summary
[none]
Details

NewPass before 1.2.0 stores passwords (rather than password hashes) directly, which makes it easier to obtain unauthorized access to sensitive information. NOTE: in each case, data at rest is encrypted, but is decrypted within process memory during use.

References

Affected packages

Git / github.com/6eero/newpass

Affected ranges

Type
GIT
Repo
https://github.com/6eero/newpass
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

v.*

v.1.1.5

v1.*

v1.0.0
v1.1.0
v1.1.1
v1.1.10
v1.1.2
v1.1.3
v1.1.4
v1.1.6
v1.1.7
v1.1.8
v1.1.9

Database specific

{
    "vanir_signatures": [
        {
            "id": "CVE-2024-39846-0cd3b115",
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "132229337887815065856227273830457668728",
                    "17151883512358137046462535688897835623",
                    "289117615773041765479522415286840472347",
                    "250915306001770762165565683291190777877",
                    "296342352386063629303546487951113429088",
                    "339719551376655750402215628033799849993",
                    "72579781656984476817151793317766329902",
                    "89011785020648711671980589120223641824",
                    "22269106884187958201544110557317861164",
                    "247789483686116378433439328042407288631",
                    "13178718116290079307999949552517751852",
                    "56163405887195968070037531925837252200",
                    "126629710956304530211606447021770393782",
                    "185000755837964503743904067372020389849",
                    "329586636320656191453833818737479123775",
                    "132997048435102247554729354544066200078",
                    "304141159309479020608386676805873610779",
                    "294131843559486596983850529374941802834",
                    "116590619568419455525789748673301017795",
                    "118194026958897193031475099007386480259",
                    "71661179111686935415572363779748708687",
                    "47029693029033295115922212417074059661",
                    "229091174952368091367673548749940910391"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "app/src/main/java/com/gero/newpass/view/activities/LoginActivity.java"
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/6eero/newpass/commit/13f0a844d64927450fa751deb7cc06beba699720"
        },
        {
            "id": "CVE-2024-39846-2442bf7d",
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "111376424034665128735850916253479674283",
                    "276971237721654397595544672220941707838",
                    "233503304053525306952323697254538073444",
                    "175745559041751265150206311524047359814",
                    "73208199448301527029459989704879509207",
                    "141437077779487457985065992618684811813",
                    "34060294516782953427623042318113129885",
                    "317322633062901502557741829394183273873",
                    "16190961001666518732665872265747622930",
                    "241613398039012201232776503929381043487",
                    "280162935488038461885247290123795144163",
                    "252992610837661763024369004613673558435",
                    "268143136973426179113408158674546121257",
                    "17953863010315582496922639268921441700",
                    "334476094814724249108067920385955751472",
                    "6454753101262110726784973748128539731",
                    "296012212542219762276308491112105479276",
                    "144326052863564074185424651279413373538"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "app/src/main/java/com/gero/newpass/viewmodel/LoginViewModel.java"
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/6eero/newpass/commit/13f0a844d64927450fa751deb7cc06beba699720"
        },
        {
            "id": "CVE-2024-39846-4e2d5065",
            "signature_type": "Function",
            "digest": {
                "function_hash": "127394075954944404709278222221608419657",
                "length": 517.0
            },
            "target": {
                "file": "app/src/main/java/com/gero/newpass/viewmodel/LoginViewModel.java",
                "function": "createUser"
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/6eero/newpass/commit/13f0a844d64927450fa751deb7cc06beba699720"
        },
        {
            "id": "CVE-2024-39846-4f7f6781",
            "signature_type": "Function",
            "digest": {
                "function_hash": "129197270343008822997803079992745795122",
                "length": 517.0
            },
            "target": {
                "file": "app/src/main/java/com/gero/newpass/view/activities/LoginActivity.java",
                "function": "loginWithPassword"
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/6eero/newpass/commit/13f0a844d64927450fa751deb7cc06beba699720"
        },
        {
            "id": "CVE-2024-39846-582ee1cf",
            "signature_type": "Function",
            "digest": {
                "function_hash": "309390461381615369521833506487008938118",
                "length": 321.0
            },
            "target": {
                "file": "app/src/main/java/com/gero/newpass/view/activities/LoginActivity.java",
                "function": "registerUser"
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/6eero/newpass/commit/13f0a844d64927450fa751deb7cc06beba699720"
        },
        {
            "id": "CVE-2024-39846-dcd308c3",
            "signature_type": "Function",
            "digest": {
                "function_hash": "124411811890504184429047939920313117799",
                "length": 426.0
            },
            "target": {
                "file": "app/src/main/java/com/gero/newpass/viewmodel/LoginViewModel.java",
                "function": "loginUserWithPassword"
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/6eero/newpass/commit/13f0a844d64927450fa751deb7cc06beba699720"
        }
    ]
}