CVE-2008-4677 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2008-4677 Interim 1 5 2023-12-09T02:07:52Z current 2021-05-30T12:44:13Z 2023-12-09T02:07:52Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2008-4677 autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote FTP servers to obtain sensitive information in opportunistic circumstances by logging usernames and passwords. NOTE: the upstream vendor disputes a vector involving different ports on the same host, stating "I'm assuming that they're using the same id and password on that unchanged hostname, deliberately." The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NOZXT5CRBFF3XA2BV65LMEOU4RCEEGD5/#NOZXT5CRBFF3XA2BV65LMEOU4RCEEGD5 E-Mail link for SUSE-SR:2009:007 https://www.suse.com/support/security/rating/ SUSE Security Ratings autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote FTP servers to obtain sensitive information in opportunistic circumstances by logging usernames and passwords. NOTE: the upstream vendor disputes a vector involving different ports on the same host, stating "I'm assuming that they're using the same id and password on that unchanged hostname, deliberately." CVE-2008-4677 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N