CVE-2000-0271

read-passwd and other Lisp functions in Emacs 20 do not properly clear the history of recently typed keys, which allows an attacker to read unencrypted passwords.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/1125	Patch Vendor Advisory
http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-04-15&msg=tg4s8zioxq.fsf%40mercury.rus.uni-stuttgart.de
http://www.securityfocus.com/bid/1125	Patch Vendor Advisory
http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-04-15&msg=tg4s8zioxq.fsf%40mercury.rus.uni-stuttgart.de

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gnu:emacs:20.0:::::::*
	cpe:2.3:a:gnu:emacs:20.1:::::::*
	cpe:2.3:a:gnu:emacs:20.2:::::::*
	cpe:2.3:a:gnu:emacs:20.3:::::::*
	cpe:2.3:a:gnu:emacs:20.4:::::::*
	cpe:2.3:a:gnu:emacs:20.5:::::::*
	cpe:2.3:a:gnu:emacs:20.6:::::::*

History

No history.

Information

Published : 2000-04-18 04:00

Updated : 2025-04-03 01:03

NVD link : CVE-2000-0271

Mitre link : CVE-2000-0271

CVE.ORG link : CVE-2000-0271

JSON object : View

Products Affected

gnu

emacs

CWE

NVD-CWE-Other

{"id": "CVE-2000-0271", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2000-04-18T04:00:00.000", "references": [{"url": "http://www.securityfocus.com/bid/1125", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-04-15&msg=tg4s8zioxq.fsf%40mercury.rus.uni-stuttgart.de", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/1125", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-04-15&msg=tg4s8zioxq.fsf%40mercury.rus.uni-stuttgart.de", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "read-passwd and other Lisp functions in Emacs 20 do not properly clear the history of recently typed keys, which allows an attacker to read unencrypted passwords."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnu:emacs:20.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E460F3A1-71DD-4A37-9F17-6B4E5C9A46AE"}, {"criteria": "cpe:2.3:a:gnu:emacs:20.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F9D5B3C-7534-4DC6-BE44-91A0031FBA6C"}, {"criteria": "cpe:2.3:a:gnu:emacs:20.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EB2E29F-371A-43AB-8CBF-DDFABDB103BB"}, {"criteria": "cpe:2.3:a:gnu:emacs:20.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05F6124D-F3C1-4E4C-B580-85AB01833885"}, {"criteria": "cpe:2.3:a:gnu:emacs:20.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9571E866-AB82-4B95-8097-ED0DA038331F"}, {"criteria": "cpe:2.3:a:gnu:emacs:20.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A773690-9650-40E1-BCE3-7E020AF61BCD"}, {"criteria": "cpe:2.3:a:gnu:emacs:20.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26D9A554-CB40-461D-9C95-78051B0CA354"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}