The host is installed with Python 2.6 before 2.7.4 or 3.x through 3.2 and is prone to information disclosure vulnerability. The flaw is present in the application, which creates ~/.pypirc with world-readable permissions before changing them after data has been written. Successful exploitation introduces a race condition that allows local users to obtain a username and password by reading this file.