An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00028.html | Third Party Advisory |
https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997 | Exploit Patch Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2020/09/msg00014.html | Third Party Advisory |
https://security.gentoo.org/glsa/202009-08 | Third Party Advisory |
https://usn.ubuntu.com/4464-1/ | Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00028.html | Third Party Advisory |
https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997 | Exploit Patch Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2020/09/msg00014.html | Third Party Advisory |
https://security.gentoo.org/glsa/202009-08 | Third Party Advisory |
https://usn.ubuntu.com/4464-1/ | Third Party Advisory |
Configurations
History
21 Nov 2024, 05:08
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00028.html - Third Party Advisory | |
References | () https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997 - Exploit, Patch, Vendor Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2020/09/msg00014.html - Third Party Advisory | |
References | () https://security.gentoo.org/glsa/202009-08 - Third Party Advisory | |
References | () https://usn.ubuntu.com/4464-1/ - Third Party Advisory |
Information
Published : 2020-08-11 21:15
Updated : 2024-11-21 05:08
NVD link : CVE-2020-17489
Mitre link : CVE-2020-17489
CVE.ORG link : CVE-2020-17489
JSON object : View
Products Affected
debian
- debian_linux
canonical
- ubuntu_linux
gnome
- gnome-shell
opensuse
- leap
CWE
CWE-522
Insufficiently Protected Credentials