bluedoor data·Trust Centers API·bluedoor.sh

Home / Security updates / DOM-based extension clickjacking attacks on password managers

DOM-based extension clickjacking attacks on password managers

Security updates detail rendered from /security-updates/upd_899f92392743495d.

Overview

IDupd_899f92392743495d
CollectionSecurity Updates
ProviderSafeBase
CompanyDelinea
URL-
Counts-
Updated-

Raw record

FieldValue
idupd_899f92392743495d
providerIdsafebase
organizationIdorg_a3ee621a755352d9
trustCenterIdtc_c2a1aa0eb7eda998
titleDOM-based extension clickjacking attacks on password managers
messageDelinea is aware of the recently-announced DOM-based clickjacking attack on browser extensions that perform password and credential management which was presented at DEF CON 33 [PDF](https://marektoth.com/presentations/DEFCON33_MarekToth.pdf). The attack requires attackers to be able to control javascript on a website for which a browser user has stored secret credentials in a password manager, at the time that the user visits that site. If successful, the attack allows access to the user’s credentials for the affected site. Many popular password managers were shown to be vulnerable. At the time of this publishing, there is no CVE identifier for this vulnerability. Delinea is working to determine the extent of impact on its products including Delinea Credential Manager (DCM) and Web Password Filter (WPF), and to promptly implement mitigations deemed appropriate, including those recommended by the original researcher. An update will be provided in this space when more information is
url-
publishedAt2025-08-26
source
{
  "field": "statuspage/public/compliance-update",
  "category": "general"
}
company
{
  "id": "org_a3ee621a755352d9",
  "name": "Delinea",
  "domains": [
    "trust.delinea.com",
    "delinea.com"
  ]
}
trust_center
{
  "id": "tc_c2a1aa0eb7eda998",
  "name": "Delinea",
  "url": "https://trust.delinea.com",
  "host": "trust.delinea.com"
}
provider
{
  "id": "safebase",
  "name": "SafeBase"
}
links
{
  "self": "/v1/security-updates/upd_899f92392743495d",
  "company": "/v1/companies/org_a3ee621a755352d9",
  "trust_center": "/v1/trust-centers/tc_c2a1aa0eb7eda998",
  "provider": "/v1/providers/safebase"
}
Get this page with API

Rendered from the bluedoor Trust Centers API. Reproduce it:

GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_899f92392743495dJSON