CVE-2008-1970 - muCommander before 0.8.2 stores credentials.xml with insecure permissions, which allows local users

CVE-2008-1970

Summary

muCommander before 0.8.2 stores credentials.xml with insecure permissions, which allows local users to obtain credentials.

References

Vulnerable Configurations

cpe:2.3:a:mucommander:mucommander:0.1:*:*:*:*:*:*:*
cpe:2.3:a:mucommander:mucommander:0.1:*:*:*:*:*:*:*
cpe:2.3:a:mucommander:mucommander:0.2:*:*:*:*:*:*:*
cpe:2.3:a:mucommander:mucommander:0.2:*:*:*:*:*:*:*
cpe:2.3:a:mucommander:mucommander:0.3:*:*:*:*:*:*:*
cpe:2.3:a:mucommander:mucommander:0.3:*:*:*:*:*:*:*
cpe:2.3:a:mucommander:mucommander:0.4:*:*:*:*:*:*:*
cpe:2.3:a:mucommander:mucommander:0.4:*:*:*:*:*:*:*
cpe:2.3:a:mucommander:mucommander:0.5:*:*:*:*:*:*:*
cpe:2.3:a:mucommander:mucommander:0.5:*:*:*:*:*:*:*
cpe:2.3:a:mucommander:mucommander:0.6:*:*:*:*:*:*:*
cpe:2.3:a:mucommander:mucommander:0.6:*:*:*:*:*:*:*
cpe:2.3:a:mucommander:mucommander:0.7:*:*:*:*:*:*:*
cpe:2.3:a:mucommander:mucommander:0.7:*:*:*:*:*:*:*
cpe:2.3:a:mucommander:mucommander:*:*:*:*:*:*:*:*
cpe:2.3:a:mucommander:mucommander:*:*:*:*:*:*:*:*
cpe:2.3:a:mucommander:mucommander:0.8:beta1:*:*:*:*:*:*
cpe:2.3:a:mucommander:mucommander:0.8:beta1:*:*:*:*:*:*
cpe:2.3:a:mucommander:mucommander:0.8:beta2:*:*:*:*:*:*
cpe:2.3:a:mucommander:mucommander:0.8:beta2:*:*:*:*:*:*
cpe:2.3:a:mucommander:mucommander:0.8:beta3:*:*:*:*:*:*
cpe:2.3:a:mucommander:mucommander:0.8:beta3:*:*:*:*:*:*

CVSS

CWE

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	28875
confirm	http://www.mucommander.com/changes.php
secunia	29893
xf	mucommander-credentials-info-disclosure(41908)

Last major update

08-08-2017 - 01:30

Published

27-04-2008 - 18:05

Last modified

08-08-2017 - 01:30