Related Vulnerabilities: CVE-2020-12755  

Severity: Low

Remote: No

Type: Insufficient validation

Description

fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of the password.

This is considered a security issue by users who do not trust KWallet (e.g. because passwords can be read in KWalletManager, given physical access).

Group: AVG-1156
Package: kio-extras
Affected: 19.12.3-1
Fixed: 20.04.0-1
Severity: Low
Status: Fixed

https://kde.org/info/security/advisory-20200510-1.txt
https://commits.kde.org/kio-extras/d813cef3cecdec9af1532a40d677a203ff979145