brbackup Gem for Ruby Process List Local Plaintext Password Disclosure
Published: July 09, 2014
SECURITY IDENTIFIERS
- CVE: CVE-2014-5004 (NVD)
- GHSA: GHSA-vqcm-7f7f-r539
- OSVDB: OSVDB-108901
- Vendor Advisory: http://www.vapid.dhs.org/advisories/brbackup-0.1.1.html
GEM
SEVERITY
PATCHED VERSIONS
None available.
DESCRIPTION
The brbackup gem for Ruby exposes password information in plaintext in the process list. This may allow a local attacker to gain access to the password information.
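An added illustration of the flaw class described above (not brbackup's code, which this page does not show): a secret handed to a child process as a command-line argument is readable from the process list, while the same secret sent over stdin is not. The child script, the `SECRET` value and the helper names are constructed for this example, and it assumes Linux `/proc` or a `ps` binary.

```ruby
require "open3"
require "rbconfig"

SECRET = "s3cr3t-constructed-example" # constructed sample value, not a real credential

# Hypothetical child standing in for a tool that needs a password: it takes the
# password from ARGV[0] if given, otherwise from the first line of stdin, then
# blocks until stdin is closed so the parent has time to inspect it.
CHILD = 'pw = ARGV[0] || $stdin.gets.to_s.chomp; $stdin.read'

# Arguments of a process as the process list exposes them.
def visible_args(pid)
  path = "/proc/#{pid}/cmdline"
  return File.binread(path).split("\0") if File.readable?(path)
  `ps -o args= -p #{pid}`.split
end

# Starts the child, optionally writes data to its stdin, and reports whether
# SECRET shows up in the child's visible argument list.
def secret_in_process_list?(extra_argv, stdin_data)
  Open3.popen3(RbConfig.ruby, "-e", CHILD, *extra_argv) do |stdin, _out, _err, waiter|
    stdin.puts(stdin_data) if stdin_data
    leaked = visible_args(waiter.pid).any? { |arg| arg.include?(SECRET) }
    stdin.close   # lets the child finish
    waiter.value  # reap it
    leaked
  end
end

puts "argv:  leaked=#{secret_in_process_list?([SECRET], nil)}"
puts "stdin: leaked=#{secret_in_process_list?([], SECRET)}"
```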
RELATED
- https://nvd.nist.gov/vuln/detail/CVE-2014-5004
- http://www.vapid.dhs.org/advisories/brbackup-0.1.1.html
- http://www.vapidlabs.com/advisory.php?v=25
- http://www.openwall.com/lists/oss-security/2014/07/10/6
- http://www.openwall.com/lists/oss-security/2014/07/17/5
- http://www.securityfocus.com/bid/68506
- https://web.archive.org/web/20200229055655/https://www.securityfocus.com/bid/68506/
