Improper Permission Restriction in Pithos 0.3.7 Allows Unauthorized Access to Pandora Credentials

Improper Permission Restriction in Pithos 0.3.7 Allows Unauthorized Access to Pandora Credentials

CVE-2011-1500 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

PreferencesPithosDialog.py in Pithos 0.3.7 does not properly restrict permissions for the .config/pithos.ini file in a user's home directory, which allows local users to obtain Pandora credentials by reading this file.

Learn more about our User Device Pen Test.