Description
read-passwd and other Lisp functions in Emacs 20 do not properly clear the history of recently typed keys, which allows an attacker to read unencrypted passwords.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-04-15&msg=tg4s8zioxq.fsf%40mercury.rus.uni-stuttgart.de
Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/1125
Scores
EPSS
0.0007
EPSS Percentile
21.0%
Details
Status
published
Products (7)
gnu/emacs
20.0
gnu/emacs
20.1
gnu/emacs
20.2
gnu/emacs
20.3
gnu/emacs
20.4
gnu/emacs
20.5
gnu/emacs
20.6
Published
Apr 18, 2000
Tracked Since
Feb 18, 2026