CVE-2017-8296
Summary
| CVE | CVE-2017-8296 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-04-27 15:59:00 UTC |
| Updated | 2025-04-20 01:37:25 UTC |
| Description | kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is written in cleartext. All of the commands performed in the password manager are written there. This can lead to the disclosure of the master password if the "password" command is used with an argument. The names of the password entries created and consulted are also accessible in cleartext. |
Risk And Classification
Primary CVSS: v3.0 7.5 HIGH from [email protected]
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Problem Types: CWE-522 | n/a
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.0 | [email protected] | Primary | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| 2.0 | [email protected] | Primary | 5 | AV:N/AC:L/Au:N/C:P/I:N/A:N |
CVSS v3.0 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
NoneAvailability
NoneCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
PartialIntegrity
NoneAvailability
NoneAV:N/AC:L/Au:N/C:P/I:N/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ked Password Manager Project | Ked Password Manager | 0.5 | All | All | All |
| Application | Ked Password Manager Project | Ked Password Manager | 1.0 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| #860817 - kedpm: CVE-2017-8296: Information leak via the command history file - Debian Bug report logs | af854a3a-2127-422b-91ae-364da2661108 | bugs.debian.org | Issue Tracking, Patch |
| oss-security - kedpm: Information leak via the command history file | af854a3a-2127-422b-91ae-364da2661108 | openwall.com | Mailing List, Third Party Advisory |
| Ked Password Manager: Information leak (GLSA 201708-04) — Gentoo security | af854a3a-2127-422b-91ae-364da2661108 | security.gentoo.org | |
| KED Password Manager / Bugs / #6 INFORMATION DISCLOSURE: command history file saved in clear text on disk | af854a3a-2127-422b-91ae-364da2661108 | sourceforge.net | Issue Tracking, Patch, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.