So here's the thing: Passwordstate is an absolute trainwreck from a security standpoint, and the company that makes it (Click Studios) recommends that users patch it immediately. If you use Passwordstate, patch now; it is quite serious.
What's going on?
Passwordstate is a central store where IT teams keep access credentials for services, such as passwords, API keys and certificates. But a vulnerability was found that allows hackers to access the admin panel via the Emergency Access page by using a special URL that skips the login process. It is like someone strolling in through your front door and into your home. That's a problem.
How to Resolve It
Click Studios has now released Passwordstate 9.9 Build 9972, which fixes this problem. You should:
• Upgrade to Build 9972 ASAP.
• If you can't upgrade yet, please use the temporary workaround: restrict access to the Emergency Access page by adding Allowed IP addresses in your system settings.
I once skipped an update thinking "I'll do it later," and sure enough, my browser got hacked that same week. Believe me—patch now, not later.
Why This Is Serious
Passwordstate is utilized by more than 370,000 IT pros across nearly 29,000 companies, including banks, Fortune 500 firms, and even government organizations. If they fail to patch, a lot of sensitive data could be vulnerable.
Don't Forget 2021?
This is not the first time Passwordstate has gotten hit. In 2021, a group of hackers manipulated the update process and distributed malware named Moserpass that attempted to take users' password vaults. Those same users also received phishing attempts.
What You Should Do Next
We'll make this easy on you.
1. Go to the Passwordstate website and update to Passwordstate 9.9 Build 9972. Don't wait.
2. If you can't get to the update right now, follow the IP address workaround for now.
3. If you've fallen behind on updates prior to this vulnerability, check your stored passwords.
Final Thoughts
I know, I know, updates can be a hassle, but I think I would rather invest a couple of minutes in updating than risk a hacker stealing my data. Click Studios was nice enough to give us a good warning about this vulnerability, so now it's up to us to make the smart decision and take action.
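The Allowed IP addresses workaround described above can be paired with a review of the web server logs. As an added example that is not part of the original post or any Click Studios tooling, this Python script scans IIS W3C logs for requests to the Emergency Access page from clients outside the allowed ranges; the `/emergency` path prefix, the allowed network and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions (not from the article): the path prefix of the Emergency Access
# page and the allowed networks. Set both to match your own deployment.
EMERGENCY_PREFIX = "/emergency"
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed IIS W3C sample log, not real traffic.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2025-01-01 08:00:01 GET /emergency/ - 10.20.0.15 200
2025-01-01 08:02:10 GET /logins/login.aspx - 198.51.100.7 200
2025-01-01 08:05:42 GET /Emergency/ - 198.51.100.7 200
2025-01-01 08:05:50 POST /emergency/ - 203.0.113.9 403
malformed line
"""

def is_allowed(ip_text, nets=ALLOWED_NETS):
    """True if the client IP parses and falls inside an allowed network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparseable client address: treat as not allowed
    return any(ip in net for net in nets)

def find_outside_hits(log_text, prefix=EMERGENCY_PREFIX, nets=ALLOWED_NETS):
    """Return emergency-page requests whose client IP is outside the allowlist."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order can differ per log file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # skip truncated or malformed rows
        row = dict(zip(fields, parts))
        stem = row.get("cs-uri-stem", "").lower()  # IIS paths are case-insensitive
        ip = row.get("c-ip", "")
        if stem.startswith(prefix.lower()) and not is_allowed(ip, nets):
            hits.append((row.get("date"), row.get("time"), ip, row.get("sc-status")))
    return hits

if __name__ == "__main__":
    for hit in find_outside_hits(SAMPLE_LOG):
        print(*hit)
```

A hit with a 200 status from an address you do not recognise is the case to follow up first, for instance by checking the stored passwords as step 3 suggests.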