PT-2020-13246 · Kde+1 · Kio-Extras+1

Published 2020-05-09 · Updated 2021-07-21 · CVE-2020-12755

CVSS v3.1: 3.3 (Low)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

kio-extras versions through 20.04.0

Description

The issue arises from the fishProtocol::establishConnection function in fish/fish.cpp, which makes a cacheAuthentication call even when the user has not set the keepPassword option. This may result in unintended storage of a password in KWallet.

Recommendations

For versions through 20.04.0, consider disabling the cacheAuthentication call when the keepPassword option is not set, or avoid using the fishProtocol::establishConnection function until a patch is available. As a temporary workaround, restrict access to the KWallet storage to minimize the risk of unintended password storage.

Fix

Related Identifiers

ALT-PU-2020-1946
ALT-PU-2020-1961
ALT-PU-2020-2634
CVE-2020-12755
MGASA-2020-0371

Affected Products

Alt Linux
Kio-Extras