oss-sec mailing list archives
CVE request for pithos information disclosure
From: Luke Faraone <lfaraone () debian org>
Date: Fri, 08 Apr 2011 10:34:09 -0400
Ian Daniher discovered that 'pithos' stores the username and password for external services in plain text in a configuration file. This configuration file is world-readable by defualt, resulting in a loss of user privacy. Reference: http://pad.lv/733307 Can I get a CVE identifier for this flaw? -- Luke Faraone;; Debian & Ubuntu Developer; Sugar Labs, Systems lfaraone on irc.[freenode,oftc].net -- http://luke.faraone.cc PGP fprint: 5189 2A7D 16D0 49BB 046B DC77 9732 5DD8 F9FD D506
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- CVE request for pithos information disclosure Luke Faraone (Apr 08)
- Re: CVE request for pithos information disclosure Josh Bressers (Apr 08)