Common Vulnerabilities and Exposures assigned an identifier CVE-2008-1567 to the following vulnerability:
phpMyAdmin before 2.11.5.1 stores the (1) MySQL username, (2) password, and the (3) Blowfish secret key in plaintext in the /tmp Session file, which allows local users to obtain sensitive information.
References:
http://sourceforge.net/tracker/index.php?func=detail&aid=1909711&group_id=23067&atid=377408
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-2
http://www.frsirt.com/english/advisories/2008/1037/references
http://secunia.com/advisories/29613
Updates were already built and are currently awaiting bodhi review.
phpMyAdmin-2.11.5.1-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
phpMyAdmin-2.11.5.1-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:
Fedora:
  https://admin.fedoraproject.org/updates/F7/FEDORA-2008-2874
  https://admin.fedoraproject.org/updates/F8/FEDORA-2008-2825