CVE-2011-1943

CWE-532 — Log File Information Exposure8 documents6 sources

Severity

2.1LOW

EPSS

0.0%

top 87.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome Networkmanager Fedoraproject Fedora

Timeline

PublishedJun 14

Latest updateMay 13

Description

The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDgnome/networkmanager< 0.8.9997

Also affects: Fedora 15

Patches

Patch: cgit.freedesktop.org ↗Patch: bugzilla.redhat.com ↗Patch: cgit.freedesktop.org ↗

🔴Vulnerability Details

GHSA

GHSA-5mpv-cwqv-8722: The destroy_one_secret function in nm-setting-vpn↗2022-05-13

▶

CVEList

CVE-2011-1943: The destroy_one_secret function in nm-setting-vpn↗2011-06-14

▶

📋Vendor Advisories

Red Hat

NetworkManager: Password to unlock the certificate is being logged↗2011-05-29

▶

Debian

CVE-2011-1943: network-manager-openvpn - The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the Network...↗2011

▶

💬Community

Bugzilla

CVE-2011-1943 NetworkManager-openvpn: Password to unlock the certificate is being logged [fedora-all]↗2011-06-01

▶

Bugzilla

CVE-2011-1943 NetworkManager-openvpn: Password to unlock the certificate is being logged [epel-all]↗2011-06-01

▶

Bugzilla

CVE-2011-1943 NetworkManager: Password to unlock the certificate is being logged↗2011-05-30

▶