Vulnerability CVE-2017-8296


Published: 2017-04-27   Modified: 2017-04-28

Description:
kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is written in cleartext. All of the commands performed in the password manager are written there. This can lead to the disclosure of the master password if the "password" command is used with an argument. The names of the password entries created and consulted are also accessible in cleartext.

Type:

CWE-522

(Insufficiently Protected Credentials)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Ked password manager project -> Ked password manager 

 References:
http://openwall.com/lists/oss-security/2017/04/26/9
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860817
https://security.gentoo.org/glsa/201708-04
https://sourceforge.net/p/kedpm/bugs/6/

Copyright 2024, cxsecurity.com

 

Back to Top