tin 1.40 creates the .tin directory with insecure permissions, which allows local users to read passwords from the .inputhistory file.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected