Mageia 7: MGASA-2020-0371 Moderate: Kio-Extras Password Storage Issue

mageia

September 27, 2020

fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option

Summary

fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of the password (CVE-2020-12755).

References

- https://bugs.mageia.org/show_bug.cgi?id=27297

- https://kde.org/info/security/advisory-20200510-1.txt

- https://www.cve.org/CVERecord?id=CVE-2020-12755

Topics Covered

security advisory password storage password leak Mageia kio-extras cacheAuthentication

Resolution

SRPMS

- 7/core/kio-extras-19.04.0-1.1.mga7

Publication date: 27 Sep 2020

URL: https://advisories.mageia.org/MGASA-2020-0371.html

Type: security

CVE: CVE-2020-12755

Topics Covered

security advisory password storage password leak Mageia kio-extras cacheAuthentication

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Mageia 7: MGASA-2020-0371 Moderate: Kio-Extras Password Storage Issue

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Mageia 7: MGASA-2020-0371 Moderate: Kio-Extras Password Storage Issue

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!