CVE-2018-20781

Sažetak

In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.

Reference

https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1772919
https://bugzilla.gnome.org/show_bug.cgi?id=781486
https://github.com/huntergregal/mimipenguin
https://github.com/huntergregal/mimipenguin/tree/d95f1e08ce79783794f38433bbf7de5abd9792da
https://gitlab.gnome.org/GNOME/gnome-keyring/issues/3
https://gitlab.gnome.org/GNOME/gnome-keyring/tags/3.27.2
https://usn.ubuntu.com/3894-1/
https://www.oracle.com/security-alerts/cpujan2021.html

CVSS

Base:	2.1
Impact:	2.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

16-03-2021 - 14:02

Objavljeno

12-02-2019 - 17:29