SB2014012405 - Cryptographic issues in almanah



SB2014012405 - Cryptographic issues in almanah

Published: January 24, 2014 Updated: August 10, 2020

Security Bulletin ID SB2014012405
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Cryptographic issues (CVE-ID: CVE-2013-1853)

CWE-ID: CWE-310 - Cryptographic Issues

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Almanah Diary 0.9.0 and 0.10.0 does not encrypt the database when closed, which allows local users to obtain sensitive information by reading the database.


Remediation

Install update from vendor's website.