In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.
References
Link | Resource |
---|---|
https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1772919 | Issue Tracking Patch Third Party Advisory |
https://bugzilla.gnome.org/show_bug.cgi?id=781486 | Issue Tracking Patch Vendor Advisory |
https://github.com/huntergregal/mimipenguin | Third Party Advisory |
https://github.com/huntergregal/mimipenguin/tree/d95f1e08ce79783794f38433bbf7de5abd9792da | Third Party Advisory |
https://gitlab.gnome.org/GNOME/gnome-keyring/issues/3 | Vendor Advisory |
https://gitlab.gnome.org/GNOME/gnome-keyring/tags/3.27.2 | Release Notes Vendor Advisory |
https://usn.ubuntu.com/3894-1/ | Third Party Advisory |
https://www.oracle.com/security-alerts/cpujan2021.html | Third Party Advisory |
Configurations
History
16 Mar 2021, 14:02
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.oracle.com/security-alerts/cpujan2021.html - Third Party Advisory | |
References | (MISC) https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1772919 - Issue Tracking, Patch, Third Party Advisory | |
References | (MISC) https://github.com/huntergregal/mimipenguin/tree/d95f1e08ce79783794f38433bbf7de5abd9792da - Third Party Advisory | |
References | (MISC) https://github.com/huntergregal/mimipenguin - Third Party Advisory | |
CPE | cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:* |
20 Jan 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2019-02-12 17:29
Updated : 2023-12-10 12:44
NVD link : CVE-2018-20781
Mitre link : CVE-2018-20781
CVE.ORG link : CVE-2018-20781
JSON object : View
Products Affected
oracle
- zfs_storage_appliance_kit
canonical
- ubuntu_linux
gnome
- gnome_keyring
CWE
CWE-522
Insufficiently Protected Credentials