CVE-2008-7320

GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if the keyring is unlocked. NOTE: this is disputed by a software maintainer because the behavior represents a design decision

CVSS v3 6.8 MEDIUM
CVSS v2.0 2.1 LOW

6.8^/10

CVSS v3 : MEDIUM

Vector : AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://bugs.launchpad.net/ubuntu/+source/seahorse/+bug/189774	Issue Tracking Third Party Advisory
https://bugs.launchpad.net/ubuntu/+source/seahorse/+bug/189774/comments/13	Issue Tracking Third Party Advisory
https://bugzilla.gnome.org/show_bug.cgi?id=551036	Issue Tracking Vendor Advisory
https://www.bountysource.com/issues/3849352-seahorse-shows-passwords-without-verification	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:gnome:seahorse:*:*:*:*:*:*:*:*

History

07 Nov 2023, 02:03

Type	Values Removed	Values Added
Summary	DISPUTED GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if the keyring is unlocked. NOTE: this is disputed by a software maintainer because the behavior represents a design decision.	GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if the keyring is unlocked. NOTE: this is disputed by a software maintainer because the behavior represents a design decision

Information

Published : 2018-11-18 19:29

Updated : 2024-04-11 00:45

NVD link : CVE-2008-7320

Mitre link : CVE-2008-7320

CVE.ORG link : CVE-2008-7320

JSON object : View

Products Affected

gnome

seahorse

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2008-7320", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2018-11-18T19:29:00.220", "references": [{"url": "https://bugs.launchpad.net/ubuntu/+source/seahorse/+bug/189774", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://bugs.launchpad.net/ubuntu/+source/seahorse/+bug/189774/comments/13", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://bugzilla.gnome.org/show_bug.cgi?id=551036", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.bountysource.com/issues/3849352-seahorse-shows-passwords-without-verification", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if the keyring is unlocked. NOTE: this is disputed by a software maintainer because the behavior represents a design decision"}, {"lang": "es", "value": "** EN DISPUTA ** GNOME Seahorse hasta la versi\u00f3n 3.30 permite que atacantes f\u00edsicamente cercanos lean contrase\u00f1as en texto plano mediante el di\u00e1logo quickAllow en una estaci\u00f3n de trabajo sin atender, si el llavero est\u00e1 desbloqueado. NOTA: un mantenedor de software discute esto debido a que el comportamiento refleja una decisi\u00f3n de dise\u00f1o."}], "lastModified": "2024-04-11T00:45:03.683", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnome:seahorse:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BD0725B-FE16-4D17-8079-B2F7558B8316", "versionEndIncluding": "3.30"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}