PT-2014-5552 · Pyplate · Pyplate

Henri Salo · Published 2014-08-07 · Updated 2014-08-07 · CVE-2014-3851

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Pyplate version 0.08

Description

The issue is a file permission setting in Pyplate that allows local users to access sensitive information. Specifically, the create_passwd_file.py script sets world-readable permissions on the passwd.db file, which contains the administrator password. Any local user can therefore read the file and obtain the administrator password.

Recommendations

For Pyplate version 0.08, consider changing the permissions of the passwd.db file to restrict access and prevent local users from reading it. As a temporary workaround, restrict access to the create_passwd_file.py script until a proper fix is applied.
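
The permission check and the recommended restriction, as an added Python example that is not Pyplate's own code. Only the passwd.db file name comes from the advisory; the temporary directory, the placeholder file contents and the function names are assumptions made for the illustration.

```python
import os
import stat
import tempfile


def is_exposed(path):
    """Return True if group or other users have any access bits on the file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return bool(mode & (stat.S_IRWXG | stat.S_IRWXO))


def restrict_existing(path):
    """Tighten an already-deployed file to owner read/write only."""
    os.chmod(path, 0o600)


def write_secret_file(path, data):
    """Create the file with mode 0600 from the first moment it exists."""
    # O_EXCL refuses to reuse an existing file that may already be readable.
    # The umask can only clear bits from 0o600, never add group/other access.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as handle:
        os.fchmod(handle.fileno(), 0o600)  # explicit, independent of umask
        handle.write(data)


def demo():
    workdir = tempfile.mkdtemp()
    # Constructed stand-in for the behaviour in the description: a
    # password file that ends up world-readable (0644).
    weak = os.path.join(workdir, "passwd.db")
    with open(weak, "wb") as handle:
        handle.write(b"constructed-placeholder-value\n")
    os.chmod(weak, 0o644)

    before = is_exposed(weak)      # world-readable: flagged
    restrict_existing(weak)
    after = is_exposed(weak)       # owner-only after chmod

    # Hypothetical second file created securely from scratch.
    strong = os.path.join(workdir, "passwd_new.db")
    write_secret_file(strong, b"constructed-placeholder-value\n")
    return before, after, is_exposed(strong)


if __name__ == "__main__":
    print(demo())
```

Because a password that sat in a world-readable file may already have been read, tightening the mode is normally paired with changing the administrator password.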

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2014-3851

Affected Products

Pyplate