logo

Database

Sensitive information stored in logs In gdm

Description

vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package

Aliases

1. CVE-2010-23872. NVD-2010-23873. OSV-2010-2387

References

1. https://github.com/LogSec/CVE-2010-2387

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.

FLAT-17FKI – Vulnerability | Fluid Attacks Database