KMail in KDE 1.0 PGP Passphrase Exposure Vulnerability

KMail in KDE 1.0 PGP Passphrase Exposure Vulnerability

CVE-1999-1270 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

KMail in KDE 1.0 provides a PGP passphrase as a command line argument to other programs, which could allow local users to obtain the passphrase and compromise the PGP keys of other users by viewing the arguments via programs that list process information, such as ps.

Learn more about our User Device Pen Test.