Backup Manager · Backup Manager · CVE-2007-4656
Name of the Vulnerable Software and Affected Versions:
Backup Manager versions prior to 0.6.3
Description:
The issue allows local users to obtain sensitive information, including the FTP server hostname, username, and password, by listing the process and its arguments during FTP uploads. This occurs because the `backup-manager-upload` in Backup Manager provides this sensitive information as plaintext command line arguments.
Recommendations:
For versions prior to 0.6.3, update to version 0.6.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the process list to minimize the risk of exploitation.