kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is written in cleartext. All of the commands performed in the password manager are written there. This can lead to the disclosure of the master password if the "password" command is used with an argument. The names of the password entries created and consulted are also accessible in cleartext.
References
Link | Resource |
---|---|
http://openwall.com/lists/oss-security/2017/04/26/9 | Mailing List Third Party Advisory |
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860817 | Issue Tracking Patch |
https://security.gentoo.org/glsa/201708-04 | |
https://sourceforge.net/p/kedpm/bugs/6/ | Issue Tracking Patch Third Party Advisory |
http://openwall.com/lists/oss-security/2017/04/26/9 | Mailing List Third Party Advisory |
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860817 | Issue Tracking Patch |
https://security.gentoo.org/glsa/201708-04 | |
https://sourceforge.net/p/kedpm/bugs/6/ | Issue Tracking Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 03:33
Type | Values Removed | Values Added |
---|---|---|
References | () http://openwall.com/lists/oss-security/2017/04/26/9 - Mailing List, Third Party Advisory | |
References | () https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860817 - Issue Tracking, Patch | |
References | () https://security.gentoo.org/glsa/201708-04 - | |
References | () https://sourceforge.net/p/kedpm/bugs/6/ - Issue Tracking, Patch, Third Party Advisory |
Information
Published : 2017-04-27 15:59
Updated : 2024-11-21 03:33
NVD link : CVE-2017-8296
Mitre link : CVE-2017-8296
CVE.ORG link : CVE-2017-8296
JSON object : View
Products Affected
ked_password_manager_project
- ked_password_manager
CWE
CWE-522
Insufficiently Protected Credentials