December 14, 2000

KDE Kmail password encryption vulnerability

Author: JT Smith

"An attacker with read access to the victim user's home directory, and therefore to the configuration file in which the encrypted password is stored, could potentially gain access to the victim user's private mail messages. If an administrator's account is exploited in this way, system passwords or other sensitive information could be disclosed, supporting further breaches of the host's security." Full details at SecurityFocus.


  • Linux
Click Here!