Secunia Research has discovered a security issue in Bournal, which can be exploited by malicious, local users to disclose sensitive information. The script uses e.g. the insecure “-K” command line parameter to pass the key to the ccrypt utilities, which can be exploited to obtain the key from the list of running processes. Note: This may not affect recent Linux versions, but is confirmed for FreeBSD 8.0. Other systems may also be affected. Version 1.4 is affected.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/86593/secunia-bccrypt.txt
Source: https://packetstormsecurity.com/files/86593/Bournal-ccrypt-Information-Disclosure.html