{"api_version":"1","generated_at":"2026-07-07T14:05:43+00:00","cve":"CVE-2017-8296","urls":{"html":"https://cve.report/CVE-2017-8296","api":"https://cve.report/api/cve/CVE-2017-8296.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-8296","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-8296"},"summary":{"title":"CVE-2017-8296","description":"kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is written in cleartext. All of the commands performed in the password manager are written there. This can lead to the disclosure of the master password if the \"password\" command is used with an argument. The names of the password entries created and consulted are also accessible in cleartext.","state":"PUBLISHED","assigner":"mitre","published_at":"2017-04-27 15:59:00","updated_at":"2025-04-20 01:37:25"},"problem_types":["CWE-522","n/a"],"metrics":[{"version":"3.0","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"HIGH","vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","data":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860817","name":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860817","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"],"title":"#860817 - kedpm: CVE-2017-8296: Information leak via the command history file - Debian Bug report logs","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://openwall.com/lists/oss-security/2017/04/26/9","name":"http://openwall.com/lists/oss-security/2017/04/26/9","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"oss-security - kedpm: Information leak via the command history file","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/201708-04","name":"https://security.gentoo.org/glsa/201708-04","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Ked Password Manager: Information leak (GLSA 201708-04) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://sourceforge.net/p/kedpm/bugs/6/","name":"https://sourceforge.net/p/kedpm/bugs/6/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"],"title":"KED Password Manager / Bugs / #6 INFORMATION DISCLOSURE: command history file saved in clear text on disk","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-8296","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-8296","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"8296","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ked_password_manager_project","cpe5":"ked_password_manager","cpe6":"0.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"8296","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ked_password_manager_project","cpe5":"ked_password_manager","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-05T16:34:21.669Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://openwall.com/lists/oss-security/2017/04/26/9"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://sourceforge.net/p/kedpm/bugs/6/"},{"name":"GLSA-201708-04","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"https://security.gentoo.org/glsa/201708-04"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860817"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2017-04-27T00:00:00.000Z","descriptions":[{"lang":"en","value":"kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is written in cleartext. All of the commands performed in the password manager are written there. This can lead to the disclosure of the master password if the \"password\" command is used with an argument. The names of the password entries created and consulted are also accessible in cleartext."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-08-21T09:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"http://openwall.com/lists/oss-security/2017/04/26/9"},{"tags":["x_refsource_MISC"],"url":"https://sourceforge.net/p/kedpm/bugs/6/"},{"name":"GLSA-201708-04","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"https://security.gentoo.org/glsa/201708-04"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860817"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2017-8296","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is written in cleartext. All of the commands performed in the password manager are written there. This can lead to the disclosure of the master password if the \"password\" command is used with an argument. The names of the password entries created and consulted are also accessible in cleartext."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://openwall.com/lists/oss-security/2017/04/26/9","refsource":"CONFIRM","url":"http://openwall.com/lists/oss-security/2017/04/26/9"},{"name":"https://sourceforge.net/p/kedpm/bugs/6/","refsource":"MISC","url":"https://sourceforge.net/p/kedpm/bugs/6/"},{"name":"GLSA-201708-04","refsource":"GENTOO","url":"https://security.gentoo.org/glsa/201708-04"},{"name":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860817","refsource":"CONFIRM","url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860817"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2017-8296","datePublished":"2017-04-27T15:00:00.000Z","dateReserved":"2017-04-27T00:00:00.000Z","dateUpdated":"2024-08-05T16:34:21.669Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2017-04-27 15:59:00","lastModifiedDate":"2025-04-20 01:37:25","problem_types":["CWE-522","n/a"],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ked_password_manager_project:ked_password_manager:0.5:*:*:*:*:*:*:*","matchCriteriaId":"CA192A78-6552-4738-A889-9FD7830F47C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ked_password_manager_project:ked_password_manager:1.0:*:*:*:*:*:*:*","matchCriteriaId":"31211E9C-D923-4CC8-8283-98C01C60127A"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"8296","Ordinal":"1","Title":"CVE-2017-8296","CVE":"CVE-2017-8296","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"8296","Ordinal":"1","NoteData":"kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is written in cleartext. All of the commands performed in the password manager are written there. This can lead to the disclosure of the master password if the \"password\" command is used with an argument. The names of the password entries created and consulted are also accessible in cleartext.","Type":"Description","Title":"CVE-2017-8296"},{"CveYear":"2017","CveId":"8296","Ordinal":"2","NoteData":"2017-04-27","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"8296","Ordinal":"3","NoteData":"2017-08-21","Type":"Other","Title":"Modified"}]}}}