oss-sec mailing list archives
Re: paratrooper-pingdom-1.0.0 ruby gem exposes API login credentials
From: cve-assign () mitre org
Date: Wed, 8 Jan 2014 12:56:11 -0500 (EST)
curl ... -H "App-Key: #{app_key}" -u "#{username}:#{password}"

A malicious user could monitor the process tree to steal the API key, username and password for the API login.
Use CVE-2014-1233.

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
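Added example (not part of the original message and not the gem's code): one way to send the same App-Key header and Basic auth credentials from Ruby without placing them in a child process's arguments, plus a small audit helper that flags curl command lines carrying them. The endpoint URL, function names and sample process lines are assumptions constructed for illustration.

```ruby
require 'net/http'
require 'uri'
require 'shellwords'

# Hypothetical endpoint; the page does not give the real URL.
API_URL = 'https://api.example.invalid/checks'

# Build the request in-process: the App-Key header and Basic auth
# credentials stay in Ruby memory and never appear in any argv.
def build_request(app_key, username, password, url = API_URL)
  req = Net::HTTP::Get.new(URI(url))
  req['App-Key'] = app_key
  req.basic_auth(username, password)
  req
end

# Send it over TLS (not called here, so the example runs offline).
def send_request(req)
  uri = req.uri
  Net::HTTP.start(uri.host, uri.port, use_ssl: true) { |http| http.request(req) }
end

# Audit helper: does a command line (as shown by ps) carry secrets in
# its arguments? Checks curl's -u/--user and an App-Key header when the
# flag and its value are separate arguments.
def secrets_in_argv?(cmdline)
  args = Shellwords.split(cmdline)
  return false unless File.basename(args.first.to_s) == 'curl'
  args.each_cons(2).any? do |flag, value|
    %w[-u --user].include?(flag) ||
      (%w[-H --header].include?(flag) && value =~ /\AApp-Key:/i)
  end
end

# Constructed sample process listing lines.
SAMPLE_PS = [
  'curl -s -H "App-Key: k123" -u "ops@example.invalid:hunter2" https://api.example.invalid/checks',
  'ruby deploy.rb',
  'curl -s https://example.invalid/status'
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_PS.each { |l| puts "#{secrets_in_argv?(l) ? 'LEAK' : 'ok  '}  #{l}" }
end
```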
Current thread:
- paratrooper-pingdom-1.0.0 ruby gem exposes API login credentials Larry W. Cashdollar (Jan 07)
- Re: paratrooper-pingdom-1.0.0 ruby gem exposes API login credentials cve-assign (Jan 08)