CVE-2017-8296

kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is written in cleartext. All of the commands performed in the password manager are written there. This can lead to the disclosure of the master password if the "password" command is used with an argument. The names of the password entries created and consulted are also accessible in cleartext.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ked_password_manager_project:ked_password_manager:0.5:*:*:*:*:*:*:*
cpe:2.3:a:ked_password_manager_project:ked_password_manager:1.0:*:*:*:*:*:*:*

History

21 Nov 2024, 03:33

Type Values Removed Values Added
References () http://openwall.com/lists/oss-security/2017/04/26/9 - Mailing List, Third Party Advisory () http://openwall.com/lists/oss-security/2017/04/26/9 - Mailing List, Third Party Advisory
References () https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860817 - Issue Tracking, Patch () https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860817 - Issue Tracking, Patch
References () https://security.gentoo.org/glsa/201708-04 - () https://security.gentoo.org/glsa/201708-04 -
References () https://sourceforge.net/p/kedpm/bugs/6/ - Issue Tracking, Patch, Third Party Advisory () https://sourceforge.net/p/kedpm/bugs/6/ - Issue Tracking, Patch, Third Party Advisory

Information

Published : 2017-04-27 15:59

Updated : 2024-11-21 03:33


NVD link : CVE-2017-8296

Mitre link : CVE-2017-8296

CVE.ORG link : CVE-2017-8296


JSON object : View

Products Affected

ked_password_manager_project

  • ked_password_manager
CWE
CWE-522

Insufficiently Protected Credentials