Vulnerabilities > CVE-2014-1835 - Credentials Management vulnerability in Echor Project Echor 0.1.6

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

echor-project

CWE-255

NVD

Published: 2018-02-02

Updated: 2024-11-21

Summary

The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table.

Vulnerable Configurations

Part	Description	Count
Application	Echor_Project Echor Project Echor 0.1.6	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://www.openwall.com/lists/oss-security/2014/01/31/10
http://www.openwall.com/lists/oss-security/2014/01/31/10
http://xforce.iss.net/xforce/xfdb/90858
http://xforce.iss.net/xforce/xfdb/90858