oss-sec mailing list archives

CVE request for pithos information disclosure

From: Luke Faraone <lfaraone () debian org>
Date: Fri, 08 Apr 2011 10:34:09 -0400

Ian Daniher discovered that 'pithos' stores the username and password
for external services in plain text in a configuration file. This
configuration file is world-readable by defualt, resulting in a loss of
user privacy.

Reference: http://pad.lv/733307

Can I get a CVE identifier for this flaw?

-- 
Luke Faraone;; Debian & Ubuntu Developer; Sugar Labs, Systems
lfaraone on irc.[freenode,oftc].net -- http://luke.faraone.cc
PGP fprint: 5189 2A7D 16D0 49BB 046B DC77 9732 5DD8 F9FD D506

Attachment: signature.asc
Description: OpenPGP digital signature

Current thread:

CVE request for pithos information disclosure Luke Faraone (Apr 08)
- Re: CVE request for pithos information disclosure Josh Bressers (Apr 08)