CVE-2007-1191
Description
Social Bookmarks plug-in 8F in Quicksilver logs del.icio.us credentials in plaintext to a world-readable console log file, exposing sensitive data to local users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Social Bookmarks plug-in 8F in Quicksilver logs del.icio.us credentials in plaintext to a world-readable console log file, exposing sensitive data to local users.
Vulnerability
Quicksilver Social Bookmarks plug-in version 8F for Mac OS X writes the user’s del.icio.us username and password in plaintext to /Library/Logs/Console/UID/Console.log. This occurs every time the plug-in authenticates to the del.icio.us service. The issue affects the “Social Bookmarks (del.icio.us) plug-in 8F” for Quicksilver on Mac OS X 10.3 and later [1].
Exploitation
No authentication or special privileges are required; the attacker must have local or remote access to read files under /Library/Logs/Console/UID/. Console.log is world-readable by default. The attacker simply opens the file and searches for the cleartext credentials [1].
Impact
Successful exploitation leaks the del.icio.us account username and password to any local user. This breach of confidentiality can lead to unauthorized access to the victim’s del.icio.us bookmarks and possibly other services if the password is reused [1].
Mitigation
The issue is fixed in a newer version of the plug-in; users should update to the latest release immediately. If updating is not possible, restrict read access to /Library/Logs/Console/ or avoid using the plug-in until it is patched [1].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- cpe:2.3:a:quicksilver:del.icio.us_module:8f:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5News mentions
0No linked articles in our index yet.