Vulnerabilities > CVE-2014-1835 - Credentials Management vulnerability in Echor Project Echor 0.1.6

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

echor-project

CWE-255

NVD

Published: 2018-02-02

Updated: 2018-02-14

Summary

The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table.

Vulnerable Configurations

Part	Description	Count
Application	Echor_Project Echor Project Echor 0.1.6	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://www.openwall.com/lists/oss-security/2014/01/31/10
http://xforce.iss.net/xforce/xfdb/90858