Описание
In KeePassX before 0.4.4, a cleartext copy of password data is created upon a cancel of an XML export action. This allows context-dependent attackers to obtain sensitive information by reading the .xml dotfile.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| keepassx | fixed | 0.4.3+dfsg-1 | package | |
| keepassx | fixed | 0.4.3+dfsg-0.1+deb8u1 | jessie | package |
| keepassx | no-dsa | wheezy | package | |
| keepassx | no-dsa | squeeze | package |
Примечания
https://www.openwall.com/lists/oss-security/2015/11/30/4
Связанные уязвимости
In KeePassX before 0.4.4, a cleartext copy of password data is created upon a cancel of an XML export action. This allows context-dependent attackers to obtain sensitive information by reading the .xml dotfile.
In KeePassX before 0.4.4, a cleartext copy of password data is created upon a cancel of an XML export action. This allows context-dependent attackers to obtain sensitive information by reading the .xml dotfile.
In KeePassX before 0.4.4, a cleartext copy of password data is created upon a cancel of an XML export action. This allows context-dependent attackers to obtain sensitive information by reading the .xml dotfile.