Date: Fri, 08 Apr 2011 10:34:09 -0400
From: Luke Faraone <lfaraone@...ian.org>
To: oss-security@...ts.openwall.com
Subject: CVE request for pithos information disclosure

Ian Daniher discovered that 'pithos' stores the username and password for external services in plain text in a configuration file. This configuration file is world-readable by default, resulting in a loss of user privacy.

Reference: http://pad.lv/733307

Can I get a CVE identifier for this flaw?

--
Luke Faraone;; Debian & Ubuntu Developer; Sugar Labs, Systems
lfaraone on irc.[freenode,oftc].net -- http://luke.faraone.cc
PGP fprint: 5189 2A7D 16D0 49BB 046B DC77 9732 5DD8 F9FD D506
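The class of flaw reported in the message above, shown as an added example that is not part of the original post and is not pithos code: a config file written with a plain `open()` inherits its mode from the umask, while creating it with an explicit 0600 mode (and tightening a file that already exists) keeps it private. The file name `app.ini` and the sample contents are constructed, and POSIX permissions are assumed.

```python
import os
import stat
import tempfile


def write_config_default(path, text):
    """Plain open(): the file mode is whatever the umask leaves (often 0644)."""
    with open(path, "w") as fh:
        fh.write(text)


def write_config_private(path, text):
    """Create the file as 0600 and tighten it if it already existed."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        # The mode passed with O_CREAT is ignored for a pre-existing file,
        # so set it explicitly before any secret is written.
        os.fchmod(fh.fileno(), 0o600)
        fh.write(text)


def mode_of(path):
    return stat.S_IMODE(os.stat(path).st_mode)


def readable_by_others(path):
    """True if group or other users can read the file."""
    return bool(mode_of(path) & (stat.S_IRGRP | stat.S_IROTH))


def demo():
    # Constructed sample contents, not a real account.
    sample = "[account]\nusername = user@example.invalid\npassword = placeholder\n"
    old_umask = os.umask(0o022)  # a common desktop default, set for a repeatable result
    try:
        with tempfile.TemporaryDirectory() as tmp:
            path = os.path.join(tmp, "app.ini")  # hypothetical file name
            write_config_default(path, sample)
            before = (mode_of(path), readable_by_others(path))
            write_config_private(path, sample)
            after = (mode_of(path), readable_by_others(path))
            return before, after
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    for label, (mode, exposed) in zip(("default", "private"), demo()):
        print(f"{label}: mode={oct(mode)} readable_by_others={exposed}")
```

Restricting the mode only limits which local users can read the file; the credentials in it are still stored in plain text.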