5 matches found
CVE-2008-7320
GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if the keyring is unlocked. NOTE: this is disputed by a software maintainer because the behavior represents a design decision...
GHSA-5W8R-8PGJ-5JMF matrix-js-sdk subject to user impersonation due to key/device identifier confusion in SAS verification
Impact An attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one of the users’ identities, leading to the other device trusting/verifying the user identity under the control of th...
Claim can only be created for a recipient once
Lines of code Vulnerability details Claim can only be created for a recipient once The function creating claims, createClaimUnchecked, has the hasNoClaim modifier, that is defined as opposite hasActiveClaim, meaning it reverts if there is an active claim for a user. It reverts if...
Design/Logic Flaw
GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if the keyring is unlocked. NOTE: this is disputed by a software maintainer because the behavior represents a design decision...
CVE-2008-7320
GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if the keyring is unlocked. NOTE: this is disputed by a software maintainer because the behavior represents a design decision...