CVE-2014-1835

HIGH

echor 0.1.6 - Local Credential Exposure via Process Table

Title source: llm
STIX 2.1

Description

The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table.

References (2)

Core 2
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/01/31/10
Broken Link vdb-entry x_refsource_xf
http://xforce.iss.net/xforce/xfdb/90858

Scores

CVSS v3 7.8
EPSS 0.0005
EPSS Percentile 14.8%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-255
Status published
Products (2)
echor_project/echor 0.1.6
rubygems/echor 0RubyGems
Published Feb 02, 2018
Tracked Since Feb 18, 2026