Main Vulnerability Database Vulnerabilities #VU42112

Cryptographic issues in almanah - CVE-2013-1853

Published: January 24, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU42112

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2013-1853

CWE-ID: CWE-310

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Gnome Development Team

Affected software:
almanah

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Almanah Diary 0.9.0 and 0.10.0 does not encrypt the database when closed, which allows local users to obtain sensitive information by reading the database.

How to mitigate CVE-2013-1853

Install update from vendor's website.

Sources

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702905
http://lists.opensuse.org/opensuse-updates/2014-01/msg00080.html
http://www.openwall.com/lists/oss-security/2013/03/13/1
https://bugzilla.gnome.org/show_bug.cgi?id=695117
https://bugzilla.redhat.com/show_bug.cgi?id=920848

Cryptographic issues in almanah - CVE-2013-1853

Detailed vulnerability description

How to mitigate CVE-2013-1853

Sources

Please verify you're human