PT-2018-4017 · Gnome+1 · Gnome Seahorse+1
Published
2018-11-18
·
Updated
2024-08-07
·
CVE-2008-7320
CVSS v3.1
6.8
Medium
| Vector | AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
GNOME Seahorse versions prior to 3.31
Description
The issue allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if the keyring is unlocked. This behavior is considered a design decision by a software maintainer, which is disputed.
Recommendations
For GNOME Seahorse versions prior to 3.31, consider locking the keyring when the workstation is unattended to prevent unauthorized access to plaintext passwords.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Gnome Seahorse