The sarab.sh script in SaraB before 0.2.4 places the dar program's encryption key on the command line, which allows local users to obtain sensitive information by listing the process.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2008-06-03 14:32
Updated : 2024-02-28 11:21
NVD link : CVE-2008-2517
Mitre link : CVE-2008-2517
CVE.ORG link : CVE-2008-2517
JSON object : View
Products Affected
sarab
- sarab
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor