QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2008-4677

Back to search

CVE-2008-4677

Published: Oct 22, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote FTP servers to obtain sensitive information in opportunistic circumstances by logging usernames and passwords. NOTE: the upstream vendor disputes a vector involving different ports on the same host, stating "I'm assuming that they're using the same id and password on that unchanged hostname, deliberately."

VendorProductVersions

n/a

n/a

affected
n/a

References

30670
vdb-entry
x_refsource_BID
SUSE-SR:2009:007
vendor-advisory
x_refsource_SUSE
31464
third-party-advisory
x_refsource_SECUNIA
[oss-security] 20081020 CVE request (vim)
mailing-list
x_refsource_MLIST
ADV-2008-2379
vdb-entry
x_refsource_VUPEN
34418
third-party-advisory
x_refsource_SECUNIA
MDVSA-2008:236
vendor-advisory
x_refsource_MANDRIVA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now
CVE-2008-4677 - Security Vulnerability | QwikSec