Описание
In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | gnome-keyring | Will not fix | ||
| Red Hat Enterprise Linux 7 | gnome-keyring | Will not fix | ||
| Red Hat Enterprise Linux 7 | libgnome-keyring | Not affected | ||
| Red Hat Enterprise Linux 8 | gnome-keyring | Not affected |
Показывать по
Дополнительная информация
Статус:
4.4 Medium
CVSS3
Связанные уязвимости
In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.
In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.
In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's pas ...
In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.
Уязвимость сервиса хранения имен пользователей и паролей GNOME Keyring, связанная с ошибками управления регистрационными данными, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
4.4 Medium
CVSS3