LiveActive security incident?Get immediate response
CVE Record

CVE-2008-7320: GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the...

GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if the keyring is unlocked. NOTE: this is disputed by a software maintainer because the behavior represents a design decision

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysislow

Security readout for executives and security teams

Plain-English summary

This is not a remote network compromise. The report says someone physically at an unattended GNOME desktop could view saved passwords if the user's keyring was already unlocked. It is disputed as expected design behavior, so business urgency is mainly workstation hygiene and physical access control.

Executive priority

Handle as a low-priority but real endpoint governance issue unless sensitive shared workstations, kiosks, labs, or privileged admin desktops use Seahorse. Focus on screen-lock enforcement, physical security, and credential storage practices rather than emergency patch response.

Technical view

CVE-2008-7320 describes GNOME Seahorse through 3.30 exposing plaintext passwords to a physically proximate actor through an authorization dialog when the keyring is unlocked. The bundle provides no CVSS, CWE, CPE, KEV listing, or confirmed patch. A maintainer reportedly disputed the issue as a design decision.

Likely exposure

Exposure appears limited to Linux desktop environments using GNOME Seahorse/keyring where a logged-in user's keyring is unlocked and the workstation is unattended or physically accessible. The source bundle does not identify specific distributions, CPEs, or enterprise deployment prevalence.

Exploitation context

The provided sources do not support active exploitation. The scenario requires physical or console proximity to an unattended session and an already unlocked keyring, which makes it more of a local misuse and endpoint control risk than an internet-facing vulnerability.

Researcher notes

The record is sparse and disputed. Treat the affected-version claim as reported by the CVE description, not independently validated here. No exploit status, CVSS vector, fixed version, or vendor-endorsed mitigation is present in the supplied bundle.

Mitigation direction

  • Enforce automatic screen locking for idle workstations.
  • Require strong unlock authentication after sleep, lock, or inactivity.
  • Restrict physical access to workstations handling sensitive credentials.
  • Review GNOME and distribution guidance for Seahorse behavior or updates.
  • Reduce storage of reusable plaintext passwords where operationally possible.

Validation and detection

  • Inventory systems with GNOME Seahorse or GNOME keyring installed.
  • Check whether users store sensitive credentials in Seahorse.
  • Verify idle lock policies apply consistently across Linux desktops.
  • Confirm keyrings are not left unlocked on unattended sessions.
  • Review vendor trackers for any maintained package guidance.
Prepared
Confidence
medium
Sources
6

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2008-7320 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
0Timeline events
0ADP providers
5Source links

CVSS and timeline data

No CVSS vectors or timeline events were available in the normalized CVE source material.

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
n/an/an/aListed
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.