CVE-2020-17489

Опубликовано: 11 авг. 2020

Источник: redhat

CVSS3: 4.3

Описание

An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)

Отчет

This flaw does not affect gnome-shell as shipped with Red Hat Enterprise Linux 6 or 7. For 6, there is no option to view the password in the clear at login, and for 7, the login screen is killed upon login.

Меры по смягчению последствий

Do not use the "view password" context menu option when logging into gnome-shell.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 7	gnome-shell	Not affected
Red Hat Enterprise Linux 8	gnome-shell	Fixed	RHSA-2022:1814	10.05.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-200

https://bugzilla.redhat.com/show_bug.cgi?id=1868418gnome-shell: Password from logged-out user may be shown on login screen

4.3 Medium

CVSS3

Связанные уязвимости

CVE-2020-17489

CVSS3: 4.3

ubuntu

больше 5 лет назад

CVE-2020-17489

CVSS3: 4.3

nvd

больше 5 лет назад

CVE-2020-17489

CVSS3: 4.3

debian

больше 5 лет назад

An issue was discovered in certain configurations of GNOME gnome-shell ...

openSUSE-SU-2020:1861-1

suse-cvrf

больше 5 лет назад

Security update for gnome-settings-daemon, gnome-shell

SUSE-SU-2020:3132-1

suse-cvrf

больше 5 лет назад

Security update for gnome-settings-daemon, gnome-shell

4.3 Medium

CVSS3