PT-2017-18266 · Kedpm · Kedpm

Lelutin

Published

2017-04-27

Updated

2019-10-03

CVE-2017-8296

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions kedpm versions 0.5 through 1.0

Description The issue allows for the disclosure of sensitive information, including the master password, due to the storage of command history in cleartext. This affects the confidentiality of password entries and their names.

Recommendations For versions 0.5 through 1.0, consider removing or securing the history file located at ~/.kedpm/history to prevent unauthorized access to sensitive information. As a temporary workaround, avoid using the password command with an argument that could expose the master password. Restrict access to the history file to minimize the risk of exploitation.

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

CVE-2017-8296

DLA-925-1

Affected Products

Kedpm

PT-2017-18266 · Kedpm · Kedpm

CVE-2017-8296

Weakness Enumeration

Related Identifiers

Affected Products

References · 10