Cleartext Vulnerability in kedpm Password Manager by Kedpm
CVE-2017-8296

7.5HIGH

Key Information:

Vendor

Ked Password Manager Project

Status
Ked Password Manager
Vendor
CVE Published:
27 April 2017

What is CVE-2017-8296?

The kedpm password manager versions 0.5 and 1.0 expose sensitive information by creating a history file in the user's home directory that stores commands in cleartext. This file contains all executed commands, including the potential disclosure of the master password if specific passwords are accessed using the 'password' command. Additionally, the names of all password entries can be retrieved in an unprotected format, posing significant security risks to user credentials.

References

http://openwall.com/lists/oss-security/2017/04/26/9
x_refsource_CONFIRM
https://sourceforge.net/p/kedpm/bugs/6/
x_refsource_MISC
https://security.gentoo.org/glsa/201708-04
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.