High severity7.5NVD Advisory· Published Apr 27, 2017· Updated May 13, 2026

CVE-2017-8296

Description

kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is written in cleartext. All of the commands performed in the password manager are written there. This can lead to the disclosure of the master password if the "password" command is used with an argument. The names of the password entries created and consulted are also accessible in cleartext.

Affected products

Ked Password Manager Project/Ked Password Manager2 versions
cpe:2.3:a:ked_password_manager_project:ked_password_manager:0.5:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:ked_password_manager_project:ked_password_manager:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ked_password_manager_project:ked_password_manager:1.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugs.debian.org/cgi-bin/bugreport.cginvdIssue TrackingPatch
sourceforge.net/p/kedpm/bugs/6/nvdIssue TrackingPatchThird Party Advisory
openwall.com/lists/oss-security/2017/04/26/9nvdMailing ListThird Party Advisory
security.gentoo.org/glsa/201708-04nvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000