
CVE-2014-1835:
Echor Ruby Gem credentials can be stolen via process table monitoring

CVSS Score
7.8 (CVSS 3.0)

Basic Information

EPSS Score
0.14628%
CWE
-
Published
5/14/2022
Updated
6/30/2023
KEV Status
No
Technology
Ruby

Technical Details

CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version
echor | rubygems | <= 0.1.6 |

Vulnerability Intelligence

Root Cause Analysis

The vulnerability description explicitly names perform_request in /lib/echor/backplane.rb as the source. Credential exposure via process table monitoring typically occurs when sensitive data is passed as command-line arguments (visible in ps/top). The CWE-255 mapping (Credentials Management Errors) and advisory details about 'curl -u {user}:{password}' usage confirm this pattern. Multiple authoritative sources (NVD, GitHub Advisory, RubySec DB) consistently reference this function without ambiguity.
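The `curl -u {user}:{password}` pattern described above, next to two ways of keeping the secret out of the process table. This is an added example, not code from the echor gem; the method names, URL and credentials are constructed for illustration.

```ruby
require 'net/http'
require 'uri'

# Constructed sample values; not taken from the echor gem.
USER = 'svc-backplane'
PASSWORD = 'constructed-secret'
URL = 'https://backplane.example.invalid/v1/bus/demo'

# Risky pattern from the advisory: `curl -u {user}:{password}`.
# Every argv element is readable by other local users through ps, top
# or /proc/<pid>/cmdline for as long as the curl process runs.
def curl_argv_with_credentials(url, user, password)
  ['curl', '-s', '-u', "#{user}:#{password}", url]
end

# Hardened form: build the request in-process. The credentials live in an
# Authorization header in this process's memory and never reach an argv.
def in_process_request(url, user, password)
  uri = URI.parse(url)
  req = Net::HTTP::Get.new(uri)
  req.basic_auth(user, password)
  [uri, req]
end

# If curl has to stay, let it read its options from stdin (`--config -`)
# so the argv carries no secret.
def curl_argv_with_stdin_config(url)
  ['curl', '-s', '--config', '-', url]
end

# Text to write to curl's stdin; quotes and backslashes are escaped.
def curl_stdin_config(user, password)
  escaped = "#{user}:#{password}".gsub(/["\\]/) { |c| "\\#{c}" }
  %(user = "#{escaped}"\n)
end

# Review helper: true if any argv element carries the secret.
def secret_in_argv?(argv, secret)
  argv.any? { |arg| arg.include?(secret) }
end

puts secret_in_argv?(curl_argv_with_credentials(URL, USER, PASSWORD), PASSWORD)
puts secret_in_argv?(curl_argv_with_stdin_config(URL), PASSWORD)
```
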
