Quicksilver Del.icio.us Module Username and Password Information Disclosure Vulnerability

Bugtraq ID:	22752
Class:	Design Error
CVE:	CVE-2007-1191
Remote:	No
Local:	Yes
Published:	Feb 28 2007 12:00AM
Updated:	May 12 2015 07:34PM
Credit:	MaxP is credited with the discovery of this vulnerability.
Vulnerable:	Quicksilver Del.icio.us Module 8F
Not Vulnerable:

Quicksilver Del.icio.us Module Username and Password Information Disclosure Vulnerability

Quicksilver Del.icio.us Module is prone to a local information-disclosure vulnerability because the application fails to protect sensitive information from nonprivileged users.

An attacker can exploit this issue to obtain the authentication credentials for a user of the 'http://del.icio.us/' bookmark website. Exploiting this issue may help the attacker launch further attacks.

Version 8F is reported vulnerable; newer versions are not affected.

Quicksilver Del.icio.us Module Username and Password Information Disclosure Vulnerability

An attacker may exploit this issue by gaining local interactive access to an affected computer.

Quicksilver Del.icio.us Module Username and Password Information Disclosure Vulnerability

Solution:
The reporter of this issue indicates that newer versions are not affected.

Quicksilver Del.icio.us Module Username and Password Information Disclosure Vulnerability

References:

• del.icio.us Social Bookmarking Website (del.icio.us)
  
• Quicksilver Homepage (Blacktree)