PT-1999-1658 · Unknown+2 · Midnight Commander+1

Published

1999-08-01

Updated

2022-01-19

CVE-1999-1337

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Midnight Commander (mc) versions prior to 4.5.11

Description: The issue concerns the storage of sensitive information in a world-readable file. Specifically, the FTP client stores usernames and passwords for visited sites in plaintext in the history file, allowing other local users to access this information and potentially gain privileges.

Recommendations: For versions prior to 4.5.11, update to version 4.5.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the history file to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2022-1068

ALT-PU-2022-1089

CVE-1999-1337

Affected Products

Alt Linux

Midnight Commander

PT-1999-1658 · Unknown+2 · Midnight Commander+1

CVE-1999-1337

Related Identifiers

Affected Products

References · 37