CVE-2014-5001 (kcapifony): kcapifony Gem for Ruby /lib/ksymfony1.rb Process List Local Plaintext Password Disclosure

June 30th, 2014

ADVISORIES

CVE-2014-5001 (NVD)
GHSA-6fcq-3cm2-j3j5
OSVDB-108571

GEM

kcapifony

SEVERITY

CVSS v3.x: 7.8 (High)

CVSS v2.0: 2.1 (Low)

PATCHED VERSIONS

None.

DESCRIPTION

kcapifony Gem for Ruby contains a flaw in /lib/ksymfony1.rb that is triggered as the program displays password information in plaintext in the process list. This may allow a local attacker to gain access to password information.

http://www.vapid.dhs.org/advisories/kcapifony-2.1.6.html
http://www.vapidlabs.com/advisory.php?v=65

RubySec

CVE-2014-5001 (kcapifony): kcapifony Gem for Ruby /lib/ksymfony1.rb Process List Local Plaintext Password Disclosure

ADVISORIES

GEM

SEVERITY

PATCHED VERSIONS

DESCRIPTION

RELATED

Recent Advisories