Control: tags -1 security
Control: severity -1 serious

According to

  https://chat.mistral.ai/chat/27317f33-8880-49f4-b5d8-f8bef90d7a08

"the password (and possibly other sensitive data) was stored in
regular, unlocked memory" (because the otpclient/GTK4 accepted
the password instead of aborting after the mlock failure). So
this is apparently a security issue.

There may actually be 2 bugs:

1. The fact that the password is stored in regular, unlocked memory
   (security).

2. The fact that mlock fails with ENOMEM on such a low value.

-- 
Vincent Lefèvre <[email protected]> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / Pascaline project (LIP, ENS-Lyon)

Reply via email to