passphrase software vulnerabilities
vulnerabilities.aspcode.net
Searching passphrase software vulnerabilities
KMail in KDE 1.0 provides a PGP passphrase as a
information
|
passphrase
|
compromise
|
arguments
|
argument
|
programs
|
provides
|
process
|
command
|
viewing
|
obtain
|
local
|
users
|
other
|
KMail
|
which
|
allow
|
could
|
list
|
such
|
line
|
keys
|
KDE
|
via
|
PGP
|
KMail in KDE 1.0 provides a PGP passphrase as a command line argument to other programs, which could allow local users to obtain the passphrase and compromise the PGP keys of other users by viewing the arguments via programs that list process information, such as ps.
The split key mechanism used by PGP 7.0 allows
authenticate
|
passphrases
|
passphrase
|
capturing
|
mechanism
|
setting
|
holders
|
allows
|
"Cache
|
option
|
logged
|
obtain
|
holder
|
access
|
entire
|
share
|
other
|
while
|
split
|
used
|
they
|
key
|
on"
|
PGP
|
The split key mechanism used by PGP 7.0 allows a key share holder to obtain access to the entire key by setting the "Cache passphrase while logged on" option and capturing the passphrases of other share holders as they authenticate.
Network Associates PGP 7.0.4 and 7.1 does not t
Associates
|
Network
|
PGP
|
Network Associates PGP 7.0.4 and 7.1 does not time out according to the value set in the "Passphrase Cache" option, which could allow attackers to open encrypted files without providing a passphrase.
Cross-site scripting (XSS) vulnerability in the
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in the secure redirect function of RSA ACE/Agent 5.0 for Windows, and 5.x for Web, allows remote attackers to insert arbitrary web script and possibly cause users to enter a passphrase via a GET request containing the script.
The web-based Management Console in Blue Coat S
Management
|
web-based
|
Security
|
Gateway
|
Console
|
through
|
Blue
|
Coat
|
The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates.
BEA WebLogic Server and WebLogic Express 8.1 SP
WebLogic
|
Express
|
earlier
|
Server
|
BEA
|
SP3
|
BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) stores the private key passphrase (CustomTrustKeyStorePassPhrase) in cleartext in nodemanager.config; or, during domain creation with the Configuration Wizard, renders an SSL private key passphrase in cleartext (2) on a terminal or (3) in a log file, which might allow local users to obtain cryptographic keys.
Unspecified vulnerability in the G/PGP (GPG) Pl
vulnerability
|
Unspecified
|
G/PGP
|
Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for Squirrelmail 1.4.10a allows remote authenticated users to execute arbitrary commands via unspecified vectors, possibly related to the passphrase variable in the gpg_sign_attachment function, aka ZD-00000004. this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
Software vulnerabilities results 1 to 8 of 8
Page:
1