Home > Vulnerability Database > CVE-2017-8296

Mend.io Vulnerability Database

CVE-2017-8296

Date: April 27, 2017

kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is written in cleartext. All of the commands performed in the password manager are written there. This can lead to the disclosure of the master password if the "password" command is used with an argument. The names of the password entries created and consulted are also accessible in cleartext.

Severity Score

7.5

Related Resources (7)

Url: http://openwall.com/lists/oss-security/2017/04/26/9

Url: https://sourceforge.net/p/kedpm/bugs/6/

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-8296

Url: https://security.gentoo.org/glsa/201708-04

Url: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860817

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2017-8296

Url: https://www.mend.io/vulnerability-database/CVE-2017-8296

Severity Score

7.5

Weakness Type (CWE)

Insufficiently Protected Credentials

CWE-522

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2017-8296

Date: April 27, 2017

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?