CVE-2017-8296

kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is written in cleartext. All of the commands performed in the password manager are written there. This can lead to the disclosure of the master password if the "password" command is used with an argument. The names of the password entries created and consulted are also accessible in cleartext.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
VendorProductVersion
ked_password_manager_projectked_password_manager
0.5
ked_password_manager_projectked_password_manager
1.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
kedpm
noble
dne
mantic
dne
jammy
dne
impish
dne
hirsute
dne
groovy
dne
focal
dne
eoan
dne
disco
dne
cosmic
dne
bionic
dne
artful
dne
zesty
ignored
yakkety
ignored
xenial
needed
trusty
dne
precise
ignored
Common Weakness Enumeration
References
http://openwall.com/lists/oss-security/2017/04/26/9
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860817
https://security.gentoo.org/glsa/201708-04
https://sourceforge.net/p/kedpm/bugs/6/
http://openwall.com/lists/oss-security/2017/04/26/9
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860817
https://security.gentoo.org/glsa/201708-04
https://sourceforge.net/p/kedpm/bugs/6/