In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.
References
Link | Resource |
---|---|
https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1772919 | Issue Tracking Patch Third Party Advisory |
https://bugzilla.gnome.org/show_bug.cgi?id=781486 | Issue Tracking Patch Vendor Advisory |
https://github.com/huntergregal/mimipenguin | Third Party Advisory |
https://github.com/huntergregal/mimipenguin/tree/d95f1e08ce79783794f38433bbf7de5abd9792da | Third Party Advisory |
https://gitlab.gnome.org/GNOME/gnome-keyring/issues/3 | Vendor Advisory |
https://gitlab.gnome.org/GNOME/gnome-keyring/tags/3.27.2 | Release Notes Vendor Advisory |
https://usn.ubuntu.com/3894-1/ | Third Party Advisory |
https://www.oracle.com/security-alerts/cpujan2021.html | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-02-12T17:00:00
Updated: 2021-01-20T14:41:59
Reserved: 2019-02-12T00:00:00
Link: CVE-2018-20781
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-02-12T17:29:00.243
Modified: 2021-03-16T14:02:54.200
Link: CVE-2018-20781
JSON object: View
Redhat Information
No data.
CWE