PT-2014-5508 · Xbmc · Xbmc
Salvatore Bonaccorso
·
Published
2014-08-07
·
Updated
2017-06-19
·
CVE-2014-3800
CVSS v2.0
2.1
Low
| Vector | AV:L/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
XBMC version 13.0
Description
The issue allows local users to obtain user names and passwords by reading the .xbmc/userdata/sources.xml file due to world-readable permissions.
Recommendations
For XBMC version 13.0, consider changing the permissions of the .xbmc/userdata/sources.xml file to restrict read access to authorized users only.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Xbmc