CVE-2017-8296
HIGHked_password_manager 0.5 and 1.0 - Insufficiently Protected Credentials via Cleartext History File
Title source: llmDescription
kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is written in cleartext. All of the commands performed in the password manager are written there. This can lead to the disclosure of the master password if the "password" command is used with an argument. The names of the password entries created and consulted are also accessible in cleartext.
References (4)
Core 4
Core References
Mailing List, Third Party Advisory x_refsource_confirm
http://openwall.com/lists/oss-security/2017/04/26/9
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://sourceforge.net/p/kedpm/bugs/6/
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201708-04
Issue Tracking, Patch x_refsource_confirm
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860817
Scores
CVSS v3
7.5
EPSS
0.0138
EPSS Percentile
68.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-522
Status
published
Products (2)
ked_password_manager_project/ked_password_manager
0.5
ked_password_manager_project/ked_password_manager
1.0
Published
Apr 27, 2017
Tracked Since
Feb 18, 2026