PT-2017-10735 · Gnome · Gnome Web
Michael Catanzaro · Published 2017-02-04 · Updated 2017-08-04
CVE-2017-1000025
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
GNOME Web (Epiphany) versions 3.23 before 3.23.5
GNOME Web (Epiphany) versions 3.22 before 3.22.6
GNOME Web (Epiphany) versions 3.20 before 3.20.7
GNOME Web (Epiphany) versions 3.18 before 3.18.11
GNOME Web (Epiphany) versions prior to 3.18
Description
The issue allows for a password manager sweep attack, resulting in the remote exfiltration of stored passwords for a selected set of websites.
Recommendations
For versions 3.23 before 3.23.5, update to version 3.23.5 or later.
For versions 3.22 before 3.22.6, update to version 3.22.6 or later.
For versions 3.20 before 3.20.7, update to version 3.20.7 or later.
For versions 3.18 before 3.18.11, update to version 3.18.11 or later.
For versions prior to 3.18, update to version 3.18 or later.
Fix
Information Disclosure
Affected Products
Alt Linux
Gnome Web