Posted: Mon Aug 21, 2017 12:26 am Post subject: [ GLSA 201708-04 ] Ked Password Manager
Gentoo Linux Security Advisory
Title: Ked Password Manager: Information leak (GLSA 201708-04)
Exploitable: local, remote
An insecure file usage has been reported in Ked Password Manager
possibly allowing confidential information to be disclosed.
Helps to manage large numbers of passwords and related information and
simplifies the tasks of searching and entering password data.
Vulnerable: <= 0.4.0-r2
Architectures: All supported architectures
A history file in ~/.kedpm/history is written in clear text. All of the
commands performed in the password manager are written there. This can
lead to the disclosure of the master password if the “password”
command is used with an argument. The names of the password entries
created and consulted are also accessible in clear text.
An attacker could obtain confidential information.
There is no known workaround at this time.
Gentoo Security recommends that users unmerge Ked Password Manager:
# emerge --unmerge "app-admin/kedpm"
Last edited by GLSA on Fri Sep 29, 2017 4:16 am; edited 2 times in total
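The exposure described in the advisory can be checked on a given system with a short script. This is an added example, not part of the advisory or of kedpm; it assumes the history file holds one command per line, and the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): audit a kedpm history file.
# Assumption: one command per line, as in a readline-style history file.

# Print how many lines run "password" with an argument.
# The argument (the secret) is never printed.
count_password_args() {
    [ -f "$1" ] || { echo 0; return 0; }
    awk '$1 == "password" && NF > 1 { n++ } END { print n + 0 }' "$1"
}

# Succeed if group or others hold any permission bit on the file.
other_access() {
    perms=$(ls -ld -- "$1" | cut -c5-10)
    [ "$perms" != "------" ]
}

# Report findings; return 1 if the file exposes anything.
audit_history() {
    f=$1
    [ -f "$f" ] || { echo "$f: no history file"; return 0; }
    status=0
    hits=$(count_password_args "$f")
    if [ "$hits" -gt 0 ]; then
        echo "$f: $hits 'password' command(s) with an argument stored in clear text"
        status=1
    fi
    if other_access "$f"; then
        echo "$f: permissions allow access beyond the owner"
        status=1
    fi
    return $status
}

# Constructed sample history (entry names and secrets are made up).
write_sample() {
    printf '%s\n' 'ls' 'password constructed-master-secret' \
        'show constructed-entry' 'password' \
        'password another-constructed-secret' > "$1"
}

# Usage: sh audit.sh /path/to/history
if [ -n "${1:-}" ]; then
    audit_history "$1"
fi
```

The history file lives in the user's home directory, so unmerging the package does not remove it.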