RubySec

Providing security resources for the Ruby community

CVE-2014-5001 (kcapifony): kcapifony Gem for Ruby /lib/ksymfony1.rb Process List Local Plaintext Password Disclosure

ADVISORIES

GEM

kcapifony

PATCHED VERSIONS

None.

DESCRIPTION

kcapifony Gem for Ruby contains a flaw in /lib/ksymfony1.rb that is triggered as the program displays password information in plaintext in the process list. This may allow a local attacker to gain access to password information.

Contact us @rubysec or open an issue on our GitHub repository.

Recent Advisories