PT-2002-1409 · Hotline · Hotline Client

Publicado

2002-05-03

Atualizado

2016-10-18

CVE-2002-0343

CVSS v2.0

4.6

Média

Vetor

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Hotline Client version 1.8.5

Description The issue concerns the storage of sensitive user information. Hotline Client stores passwords in plaintext in the bookmarks file. This could allow local users with access to the bookmarks file to extract the passwords and gain privileges.

Recommendations For Hotline Client version 1.8.5, consider removing or securing access to the bookmarks file to prevent unauthorized access to stored passwords. As a temporary workaround, avoid storing sensitive information in the bookmarks file until a more secure method of storage is implemented.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2002-0343

Produtos afetados

Hotline Client

PT-2002-1409 · Hotline · Hotline Client

CVE-2002-0343

Identificadores relacionados

Produtos afetados

Referências · 4