CVE-2010-2387Display Manager vulnerability

CWE-2555 documents5 sources
Severity
1.9LOWNVD
EPSS
0.1%
top 66.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Gnome Display Manager
Timeline
PublishedDec 21
Latest updateMay 17

Description

vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.

CVSS vector

AV:L/AC:M/C:P/I:N/A:NExploitability: 3.4 | Impact: 2.9

Affected Packages1 packages

NVDgnome/gnome_display_manager11 versions+10

🔴Vulnerability Details

2
GHSA
GHSA-748g-m8cr-v48g: vicious-extensions/ve-misc2022-05-17
CVEList
CVE-2010-2387: vicious-extensions/ve-misc2012-12-21

📋Vendor Advisories

1
Red Hat
gdm: logs user passwors that contain invalid UTF8-encoded characters, in debug mode2009-02-15

💬Community

1
Bugzilla
CVE-2010-2387 gdm: logs user passwors that contain invalid UTF8-encoded characters, in debug mode2012-12-21
CVE-2010-2387 — Gnome Display Manager vulnerability | cvebase