CVE-2017-6911
MEDIUMUSB Pratirodh - Insecure Storage of Sensitive Information in usb.xml
Title source: llmDescription
USB Pratirodh is prone to sensitive information disclosure. It stores sensitive information such as username and password in simple usb.xml. An attacker with physical access to the system can modify the file according his own requirements that may aid in further attack.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/96970
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/141651/USB-Pratirodh-Insecure-Password-Storage.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2017/Mar/43
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/540289/100/0/threaded
Scores
CVSS v3
6.6
EPSS
0.0057
EPSS Percentile
42.7%
Attack Vector
PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-922
Status
published
Products (1)
usb_pratirodh_project/usb_pratirodh
Published
Mar 23, 2017
Tracked Since
Feb 18, 2026