Description
read-passwd and other Lisp functions in Emacs 20 do not properly clear the history of recently typed keys, which allows an attacker to read unencrypted passwords.
Affected products
- gnu / emacs20.0 – 20.0
- gnu / emacs20.1 – 20.1
- gnu / emacs20.2 – 20.2
- gnu / emacs20.3 – 20.3
- gnu / emacs20.4 – 20.4
- gnu / emacs20.5 – 20.5
- gnu / emacs20.6 – 20.6