oss-sec mailing list archives

Re: CVE request for pithos information disclosure

From: Josh Bressers <bressers () redhat com>
Date: Fri, 8 Apr 2011 16:19:10 -0400 (EDT)



----- Original Message -----

Ian Daniher discovered that 'pithos' stores the username and password
for external services in plain text in a configuration file. This
configuration file is world-readable by defualt, resulting in a loss
of
user privacy.

Reference: http://pad.lv/733307

Can I get a CVE identifier for this flaw?


The real URL is:
https://bugs.launchpad.net/pithos/+bug/733307

Please use CVE-2011-1500.

Thanks.

-- 
    JB

Current thread:

CVE request for pithos information disclosure Luke Faraone (Apr 08)
- Re: CVE request for pithos information disclosure Josh Bressers (Apr 08)