Vulnerabilities > CVE-2013-1853 - Cryptographic Issues vulnerability in Almanah Project Almanah 0.10.0/0.9.0
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Almanah Diary 0.9.0 and 0.10.0 does not encrypt the database when closed, which allows local users to obtain sensitive information by reading the database.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-241.NASL description Almanah was updated to encrypt the database when the application closes. (bgo#695117, bnc#809140, CVE-2013-1853). last seen 2020-06-05 modified 2014-06-13 plugin id 74940 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74940 title openSUSE Security Update : almanah (openSUSE-SU-2013:0532-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-74.NASL description - Update to version 0.9.1 : + Almanah doesn last seen 2020-06-05 modified 2014-06-13 plugin id 75403 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75403 title openSUSE Security Update : almanah (openSUSE-SU-2014:0118-1)