Advisories ยป MGASA-2013-0262

Updated nagstamon package fixes security vulnerability

Publication date: 30 Aug 2013
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-4114


A user details information exposure flaw was found in the way Nagstamon
performed automated requests to get information about available updates.
Remote attackers could use this flaw to obtain user credentials for servers
monitored by the desktop status monitor due to their improper (base64
encoding-based) encoding in the HTTP request, when the HTTP Basic
authentication scheme was used (CVE-2013-4114).