----------------------------------------------------------------------


Proof-of-Concept (PoC) and Extended Analysis available for customers.

Get a free trial, contact sales@secunia.com


----------------------------------------------------------------------

TITLE:
Password Manager Daemon "key_file" Parameter Security Issue

SECUNIA ADVISORY ID:
SA39684

VERIFY ADVISORY:
http://secunia.com/advisories/39684/

DESCRIPTION:
A security issue has been reported in Password Manager Daemon (pwmd),
which can lead to insecure configurations.

The security issue is caused due to the application reading data from
the specified "key_file" as ASCII, although users may use binary data
in the file. This can lead to a weaker key being used if e.g. NULL
bytes or newline characters are included in the binary data.

SOLUTION:
Update to version 2.14, which documents the behaviour and alerts
users in case of truncated key data.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://benkibbey.wordpress.com/2010/05/01/pwmd-2-14/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------