A Critical Security Flaw in Passwordstate Could Expose Admin Vaults. Here’s What You Need to Know

If your company uses Passwordstate to manage sensitive credentials, there’s an urgent update you need to install right now. The team behind Passwordstate, Click Studios, has just released a patch for a high-severity security vulnerability. And this one’s serious.

Let’s break it down.


A Simple URL Could Let Hackers In

Imagine a hacker crafting a special URL that grants them access to your company’s vault of passwords. That’s essentially what this vulnerability allows. Click Studios says attackers could bypass authentication and land on Passwordstate’s Emergency Access page. From there, they could jump straight into the Administration section—basically, the heart of your credential manager.

The vulnerability doesn’t have a CVE identifier yet, but Click Studios has labeled it as high severity. In other words: if you’re using Passwordstate, don’t wait. Update to version 9.9, build 9972, as soon as possible.


Who’s Affected?

According to Click Studios, Passwordstate is used by over 29,000 businesses and 370,000 security professionals around the world. It’s enterprise-grade software that handles:

  • Secure storage for privileged credentials
  • Integration with Windows Active Directory
  • Password resets, auditing, and remote session logins

This isn’t a small tool. It’s at the core of many organizations’ digital security infrastructure.


What You’re Updating

The update released this week fixes two specific vulnerabilities:

  1. The authentication bypass issue tied to the Emergency Access page
  2. A clickjacking concern in the Passwordstate browser extension, which could expose users visiting compromised sites

Click Studios hasn’t shared in-depth technical details, but the short version is clear: ignoring this update could leave your password vault—and potentially your whole system—wide open to attack.


Why This Feels Familiar

If this story’s giving you déjà vu, you’re not wrong.

Back in 2021, Click Studios suffered a pretty alarming breach. Attackers hijacked the Passwordstate update mechanism and slipped in malware that went undetected, extracting system data and some password records. Some victims were later targeted in phishing attacks. The fallout? Customers had to reset every single password stored in their vaults.

That incident shook a lot of confidence in Click Studios. What frustrated many users most wasn’t just the breach itself—but the lack of follow-up. After the initial alerts and fixes, the company largely went silent.

Which is why this new vulnerability, even though it’s not tied to a breach (yet), has some folks on edge.


What Now?

If you’re a Passwordstate user, here’s what to do:

  • Check your version number
  • Update immediately to version 9.9 build 9972
  • Double-check your security protocols around Emergency Access and admin use
  • Consider reviewing which users have administrative access—just in case
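
One way to act on the Emergency Access item above is to review web server logs for requests to that page from addresses you don't expect. The script below is an added example, not code from Click Studios or from the original article. It assumes W3C extended-format logs (the format IIS writes); the URL path is a placeholder, and the allowed network and log lines are constructed samples.

```python
import ipaddress

# Placeholder: set to the Emergency Access URL path of your own deployment.
EMERGENCY_PATH = "/EMERGENCY-ACCESS-PATH-PLACEHOLDER"
# Assumed: networks from which break-glass access is expected.
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed sample in W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2025-01-01 09:00:01 GET /login - 10.20.0.15 200
2025-01-01 09:02:10 GET /EMERGENCY-ACCESS-PATH-PLACEHOLDER - 10.20.0.15 200
2025-01-01 09:05:44 GET /emergency-access-path-placeholder/ k=v 203.0.113.7 200
2025-01-01 09:06:02 GET /Emergency-Access-Path-Placeholder - 198.51.100.9 403
"""

def find_emergency_hits(log_text, path=EMERGENCY_PATH, allowed=ALLOWED_NETS):
    """Return requests to the Emergency Access page from unexpected sources."""
    fields, hits = [], []
    target = path.rstrip("/").lower()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue                    # skip truncated or malformed rows
        row = dict(zip(fields, values))
        # Match the path case-insensitively and ignore a trailing slash.
        if row.get("cs-uri-stem", "").rstrip("/").lower() != target:
            continue
        try:
            src = ipaddress.ip_address(row.get("c-ip", ""))
        except ValueError:
            continue                    # no usable client address on this row
        if any(src in net for net in allowed):
            continue
        hits.append({"when": row.get("date", "?") + " " + row.get("time", "?"),
                     "ip": str(src), "status": row.get("sc-status"),
                     "query": row.get("cs-uri-query")})
    return hits

if __name__ == "__main__":
    for hit in find_emergency_hits(SAMPLE_LOG):
        print(hit)
```

Any hit with a success status from outside the allowed networks is worth correlating with Passwordstate's own audit records for the same time window.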

Software vulnerabilities happen. But when you’re safeguarding the keys to your company’s most sensitive systems, even a single exploit can have wide-reaching consequences. So yes, this patch matters.

Stay safe out there.
