CVE-1999-1270
First published: Sat Jul 11 1998(Updated: )
KMail in KDE 1.0 provides a PGP passphrase as a command line argument to other programs, which could allow local users to obtain the passphrase and compromise the PGP keys of other users by viewing the arguments via programs that list process information, such as ps.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| KDE Kde Beta 3 | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-1999-1270?
CVE-1999-1270 is classified as a moderate severity vulnerability due to its potential to expose sensitive PGP passphrases to local users.
How do I fix CVE-1999-1270?
To mitigate CVE-1999-1270, update KMail to a version that does not pass the PGP passphrase as a command line argument or implement process access controls to restrict visibility of process information.
Who is affected by CVE-1999-1270?
Users of KMail version 1.0 are affected by CVE-1999-1270, particularly those utilizing PGP encryption.
What types of attacks can be executed due to CVE-1999-1270?
CVE-1999-1270 can allow local attackers to compromise PGP keys by accessing passphrases exposed through process listings.
What versions of KMail are vulnerable to CVE-1999-1270?
Only KMail version 1.0 is affected by CVE-1999-1270.
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/description
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/nvd-index
- vendor/kde
- canonical/kde kde beta 3
- version/kde kde beta 3/1.0