Description
systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.
Report
This vulnerability is rated as moderate rather than important because its exploitation requires specific local conditions that limit its impact and accessibility. The issue arises only under scenarios where user home directories become inaccessible, causing the login process to expose password input on a virtual terminal (VT1). To exploit this, an attacker needs local physical access (AV:P) or authenticated remote access (such as through SSH) to the system, and direct user interaction is necessary (UI:R) to actively switch between virtual terminals using Ctrl+Alt+F1 and Ctrl+Alt+F2. Furthermore, the vulnerability is confined to compromising the confidentiality of password inputs (C:H), with no effect on the system's integrity (I:N) or availability (A:N). It does not grant elevated privileges, modify system state, or interfere with ongoing system operations. The combination of requiring physical proximity, specific environmental conditions, and manual toggling significantly reduces the likelihood and broader exploitability of this vulnerability, thus categorizing it as moderate severity rather than important.
Further complications occur in this issue: the initial fix provided by upstream introduced a regression and was reverted. In the process of managing a new fix, other contributory issues were reported against Xorg and Plymouth. Plymouth's issue was resolved. The ostensible fix versions of systemd (v243) and Plymouth (v0.9.4) are both fixed in RHEL-9, therefore RHEL-9 has been determined to be Not Affected by this flaw. Because of uncertainties and unknowns surrounding the purported fixes, the issue will not be corrected in RHEL-8.
Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.
Access to the platform is granted only after successful hard token, multi-factor authentication (MFA), which is coupled with account management controls, including integration with single sign-on (SSO), to ensure that user permissions are restricted to only the functions necessary for their roles. Access to sensitive information is explicitly authorized and enforced based on predefined access policies. Event logs are collected and processed for centralization, correlation, analysis, monitoring, reporting, alerting, and retention. This process ensures that audit logs are generated for specific events involving sensitive information, which helps identify patterns of unauthorized access or data exposure. The platform enforces the use of validated cryptographic modules across compute resources to protect the confidentiality of information, even in the event of interception.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | systemd | Not affected | | |
| Red Hat Enterprise Linux 8 | systemd | Will not fix | | |
| Red Hat Enterprise Linux 9 | systemd | Not affected | | |
Additional information
Status:
EPSS
CVSS3: 4.3 Medium