CVE-1999-1270

Name of the Vulnerable Software and Affected Versions KDE versions 1.0

Description The issue allows local users to obtain a PGP passphrase and compromise PGP keys of other users. This is possible because KMail provides the PGP passphrase as a command line argument to other programs. Local users can view the arguments via programs that list process information, such as ps.

Recommendations For KDE version 1.0, consider modifying KMail to avoid passing the PGP passphrase as a command line argument to prevent it from being visible to other users. As a temporary workaround, restrict access to programs that list process information to minimize the risk of exploitation.