18 matches found
rpassword affected by partial password reveal when input is interrupted
rpassword maintainers were made aware of a possible issue with a partial password reveal when input is interrupted. To quote @squell: @conradkleinespel I've confirmed this problem with SequoiaPGP, which I think uses rpassword, e.g.: Suppose we use pkill -9 sq in a different terminal right after t...
GHSA-2P6R-X3VV-XQM2 rpassword affected by partial password reveal when input is interrupted
rpassword maintainers were made aware of a possible issue with a partial password reveal when input is interrupted. To quote @squell: @conradkleinespel I've confirmed this problem with SequoiaPGP, which I think uses rpassword, e.g.: Suppose we use pkill -9 sq in a different terminal right after t...
EUVD-2020-30979
GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise...
CVE-2025-13175
Y Soft SafeQ 6 renders the Workflow Connector password field in a way that allows an administrator with UI access to reveal the value using browser developer/inspection tools. The affected customers are only those with a password-protected scan workflow connector. This issue affects Y Soft SafeQ ...
EUVD-2025-131955
sudo-rs is a memory safe implementation of sudo and su written in Rust. Starting in version 0.2.7 and prior to version 0.2.10, if a user begins entering a password but does not press return for an extended period, a password timeout may occur. When this happens, the keystrokes that were entered a...
Important: thunderbird
Issue Overview: When drawing a transparent image on top of an unknown cross-origin image, the Skia library drawImage function took a variable amount of time depending on the content of the underlying image. This resulted in potential cross-origin information exposure of image content through timi...
CVE-2020-26965
CVE-2020-26965 is a browser/password-input issue affecting Firefox (including ESR) versions older than 83/78.5 and Thunderbird older than 78.5. The problem arises when a user’s password is revealed via a “Show Password” control, and, in conjunction with a software keyboard that remembers input, t...
Mozilla: Software keyboards may have remembered typed passwords
Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field wa...
Security Vulnerabilities fixed in Thunderbird 78.5 — Mozilla
A parsing and event loading mismatch in Thunderbird's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. When drawing a...
CVE-2019-15635
CVE-2019-15635 affects Grafana 5.4.0: passwords for data sources (e.g., MySQL) are stored unencrypted and can be exposed. An admin can reveal these credentials by using the Save and test button in a data source’s settings, watching the traffic, or using the browser’s Show password option. The con...
CVE-2017-7510
In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface...
Microsoft Windows: Do not display the password reveal button
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winpasswordreveal.nasl 11363 2018-09-12 13:46:05Z emoss $ Check value for Do not display the password reveal button Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This...
Asterisk Password Spy v3.1 - Windows Asterisk Password Recovery Tool
Asterisk Password Spy is the FREE tool to instantly reveal the hidden password behind asterisks . It's user friendly interface can help you to easily find the passwords from any Windows based application.You can simply drag the 'search icon' to any password box to find the real password hidden by...
Microworld Mailscan 5.6.a Password Reveal Exploit
No description provided by source. / ---------------------------------------------------------------------------------------------- / / / \ \ / / / / / / \ | / / / / / // // / / |/ / //////|/ 2008 SecurityDevelopment.net Author: SlaYeR Date: 25. Aug. 2008 Email: [email protected]...
Microworld Mailscan 5.6.a - Password Reveal
Microworld Mailscan 5.6.a - Password Reveal / ---------------------------------------------------------------------------------------------- / / / \ \ / / / / / / \ | / / / / / // // / / |/ / //////|/ 2008 SecurityDevelopment.net Author: SlaYeR Date: 25. Aug. 2008 Email:...
Microworld Mailscan 5.6.a Password Reveal Exploit
Exploit for unknown platform in category remote exploits ================================================= Microworld Mailscan 5.6.a Password Reveal Exploit ================================================= /...
Microworld Mailscan 5.6.a - Password Reveal
/ ---------------------------------------------------------------------------------------------- / / / \ \ / / / / / / \ | / / / / / // // / / |/ / //////|/ 2008 SecurityDevelopment.net Author: SlaYeR Date: 25. Aug. 2008 Email: [email protected] Website:...
kppp-1.6.14.txt
here exists a bug in kppp 1.6.14 where a local user dialing up into the internet can copy the stars in the password box and put them into an xterm where the stars will be unrevealed and that password will be shown. seeya rarez...