Published: 27/04/2017 Updated: 03/10/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Subscribe to Ked Password Manager Project

kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is written in cleartext. All of the commands performed in the password manager are written there. This can lead to the disclosure of the master password if the "password" command is used with an argument. The names of the password entries created and consulted are also accessible in cleartext.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ked password manager project ked password manager 1.0
ked password manager project ked password manager 0.5

Debian Bug report logs - #860817 kedpm: CVE-2017-8296: Information leak via the command history file Package: src:kedpm; Maintainer for src:kedpm is Antoine Beaupré <anarcat@debianorg>; Reported by: Gabriel Filion <gabster@lelutinca> Date: Thu, 20 Apr 2017 15:00:02 UTC Severity: grave Tags: patch, security, upstre ...

CWE-522 https://sourceforge.net/p/kedpm/bugs/6/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860817 http://openwall.com/lists/oss-security/2017/04/26/9 https://security.gentoo.org/glsa/201708-04 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860817 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-8296

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect