CVE-2017-15918

HIGH

Ignitum Sera - Insufficiently Protected Credentials

Title source: rule

Description

Sera 1.2 stores the user's login password in plain text in their home directory. This makes privilege escalation trivial and also exposes the user and system keychains to local attacks.

Exploits (1)

exploitdb WORKING POC
by Mark Wadham · bash · local · macos
https://www.exploit-db.com/exploits/43221

Scores

CVSS v3 7.8
EPSS 0.0026
EPSS Percentile 48.7%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-522
Status draft

Affected Products (2)

ignitum/sera
ignitum/sera

Timeline

Published Nov 01, 2017
Tracked Since Feb 18, 2026