Bug 439974 (CVE-2008-1567)

Summary: CVE-2008-1567 phpMyAdmin: user/password/secret key are stored plaintext
Product: [Other] Security Response Reporter: Robert Scheck <redhat>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: mmcgrath
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-04-02 17:14:44 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Robert Scheck 2008-04-01 06:17:20 UTC 
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-1567 to
the following vulnerability:

phpMyAdmin before 2.11.5.1 stores the (1) MySQL username, (2) password, and
the (2) Blowfish secret key in plaintext in the /tmp Session file, which allows 
local users to obtain sensitive information.

References:
http://sourceforge.net/tracker/index.php?func=detail&aid=1909711&group_id=23067&atid=377408
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-2
http://www.frsirt.com/english/advisories/2008/1037/references
http://secunia.com/advisories/29613
Comment 1 Robert Scheck 2008-04-01 06:18:53 UTC 
Updates were already built and are currently awaiting bodhi review.
Comment 2 Fedora Update System 2008-04-01 21:33:44 UTC 
phpMyAdmin-2.11.5.1-1.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 3 Fedora Update System 2008-04-01 21:38:06 UTC 
phpMyAdmin-2.11.5.1-1.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 4 Red Hat Product Security 2008-04-02 17:14:44 UTC 
This issue was addressed in:

Fedora:
  https://admin.fedoraproject.org/updates/F7/FEDORA-2008-2874
  https://admin.fedoraproject.org/updates/F8/FEDORA-2008-2825