QwikSec

Security Database

CVE

CWE

Training

CVE-2015-9231

Published: Sep 20, 2017

Modified: Sep 16, 2024

PUBLISHED

Description

iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords by reading DNS queries. A new (default) feature was added to iTerm2 version 3.0.0 (and unreleased 2.9.x versions such as 2.9.20150717) that resulted in a potential information disclosure. In an attempt to see whether the text under the cursor (or selected text) was a URL, the text would be sent as an unencrypted DNS query. This has the potential to result in passwords and other sensitive information being sent in cleartext without the user being aware.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://gitlab.com/gnachman/iterm2/issues/6050

x_refsource_MISC

https://gitlab.com/gnachman/iterm2/issues/5303

x_refsource_MISC

https://github.com/gnachman/iTerm2/commit/33ccaf61e34ef32ffc9d6b2be5dd218f6bb55f51

x_refsource_MISC

https://gitlab.com/gnachman/iterm2/wikis/dnslookupissue

x_refsource_MISC

https://github.com/gnachman/iTerm2/commit/e4eb1063529deb575b75b396138d41554428d522

x_refsource_MISC

https://gitlab.com/gnachman/iterm2/issues/6068

x_refsource_MISC

https://gitlab.com/gnachman/iterm2/issues/3688

x_refsource_MISC

https://news.ycombinator.com/item?id=15286956

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.