3 matches found
Information Disclosure
encryptfs-utils is vulnerable to information disclosure. A disclosure flaw was found in the way the "ecryptfs-setup-private" script passed passphrases to the "ecryptfs-wrap-passphrase" and "ecryptfs-add-passphrase" commands as command line arguments. A local user could obtain the passphrases of...
Ansible: Information leak in "user" module
The User module in Ansible leaks any data which is passed on as a parameter to ssh-keygen. This could lead to undesirable situations such as passphrase credentials being passed as a parameter for the ssh-keygen executable, showing those credentials in clear text form for every user which have...
silc question - insecure memory
Good Evening, while screwing around tonight checking memory for the SSH2 advisory. I noticed passphrase and complete sessions from silc in memory. I dont know if this is normal for silc I wouldnt think it would be but all you need to do it is: cdowns@Vader:$ sudo dd if=/dev/mem...