Note:
This project will be discontinued after December 13, 2021. [more]
2018-11-18
GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if the keyring is unlocked. NOTE: this is disputed by a software maintainer because the behavior represents a design decision
| Products | Seahorse |
| Type | Credentials Management (CWE-255) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://bugs.launchpad.net/ubuntu/+source/seahorse/+bug/189774
• https://bugs.launchpad.net/ubuntu/+source/seahorse/+bug/189774/comments/13 • https://www.bountysource.com/issues/3849352-seahorse-shows-passwords-without-verification • https://bugzilla.gnome.org/show_bug.cgi?id=551036 |