VULHUB ™

A weakness has been reported in the Microsoft Windows PostMessage API which could effectively allow unmasked passwords to be copied into a user's clipboard or other buffer. From this point, a further attack would be required to steal password credentials. This weakness occurs because the PostMessage API may be used in combination with EM_SETPASSWORDCHAR messages. This may occur from another process that does not belong to the process thread.

A weakness has been reported in the Microsoft Windows PostMessage API which could effectively allow unmasked passwords to be copied into a user's clipboard or other buffer. From this point, a further attack would be required to steal password credentials. This weakness occurs because the PostMessage API may be used in combination with EM_SETPASSWORDCHAR messages. This may occur from another process that does not belong to the process thread.