Click Studios

Click Studios (SA) Pty Ltd is an Agile software development company specialising in the development of a secure Enterprise Password Management solution called Passwordstate.

Contact Info

Level 2, 70 Hindmarsh Square, Adelaide, SA 5000, Australia
sales@clickstudios.com.au

Incident Management Advisories

Click Studios has a well-defined Incident Management Plan designed to effectively address and mitigate major incidents that impact the operation of Passwordstate.

Incident Response & Advisory Communications

As part of our structured Incident Response Process, Click Studios will notify all customers via email, directing them to this advisories page for the latest updates. This page serves as the authoritative source of information for customers, media representatives, and other stakeholders.

Centralizing incident communications enables our Technical Support, Development, and Pre-Sales teams to focus on remediation guidance and rapid resolution while ensuring consistent and verified updates.

Important: During any incident, email notifications will reference this advisories page as the single source of truth. Please rely exclusively on this page for verified updates.

Current Advisory Status

At this time, there are no active major incidents affecting Passwordstate.

Common Vulnerabilities and Exposures (CVEs)

The table below outlines confirmed security vulnerabilities identified in Passwordstate and associated modules. Click Studios maintains full transparency and is committed to rapid mitigation and remediation.

| Date | CVE | Severity | Product | Description | Fixed In |
|---|---|---|---|---|---|
| 2025-08-28 | CVE-2025-59453 | High | Passwordstate Core | Authentication bypass via crafted URL affecting Emergency Access page. | Build 9972 |
| 2024-11-25 | CVE-2024-54124 | Low | Passwordstate Core | Permission escalation on edit folder screen. | Build 9920 |
| 2024-03-07 | CVE-2024-39337 | High | Passwordstate Core | Potential authentication bypass issue. | Build 9858 |
| 2023-09-25 | CVE-2023-47801 | Low | Passwordstate API | Incorrect access control via System Wide API key. | Build 9811 |
| 2023-08-31 | CVE-2023-43295 | Low | Passwordstate Core | CSRF bypass for authenticated sessions. | Build 9795 |
| 2022-11-07 | CVE-2022-3877 | Medium | Passwordstate Core | Cross-site scripting vulnerability. | Build 9653 |
| 2022-09-05 | CVE-2022-3875 | High | Passwordstate API | Authentication bypass by assumed-immutable data. | Build 9611 |
| 2022-09-05 | CVE-2022-3876 | Medium | Passwordstate API | Authorization bypass via PasswordID manipulation. | Build 9611 |
| 2020-10-29 | CVE-2020-27747 | Low | Mobile Web Site (Deprecated) | Lack of brute force detection on PIN authentication. | Build 8987 |
| 2020-10-05 | CVE-2020-26061 | High | Password Reset Portal | HTTP request allowed setting password for registered user. | Build 8501 |
| 2018-08-01 | CVE-2018-14776 | Low | Passwordstate Core | XSS via uploaded HTML document. | Build 8397 |

Subscribe to Advisories RSS Feed

To stay informed about newly identified CVEs, subscribe to our RSS feed and receive updates as new advisories are published.

https://forums.clickstudios.com.au/forum/6-announcements.xml