CVE-2014-1835 - The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users t

CVE-2014-1835

Summary

The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table.

References

http://www.openwall.com/lists/oss-security/2014/01/31/10
http://xforce.iss.net/xforce/xfdb/90858

Vulnerable Configurations

cpe:2.3:a:echor_project:echor:0.1.6:*:*:*:*:ruby:*:*
cpe:2.3:a:echor_project:echor:0.1.6:*:*:*:*:ruby:*:*

CVSS

Base:	2.1 (as of 14-02-2018 - 15:12)
Impact:
Exploitability:

CWE

CWE-255

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:N/A:N

refmap via4

mlist	[oss-security] 20140131 Re: echor 0.1.6 Ruby Gem exposes login credentials
xf	echor-ruby-system-process-info-disc(90858)

Last major update

14-02-2018 - 15:12

Published

02-02-2018 - 21:29

Last modified

14-02-2018 - 15:12