CVE-2011-1943
Published 2011-06-14
CVE-2011-1943: The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry…
Priority: P4 4 low; 2.1 (CVSS 2.0)
AV:L/AC:L/Au:N/C:P/I:N/A:N
EPSS
0.21%
11.8th percentile
The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | network-manager-openvpn | — | — |
| fedoraproject | fedora | — | — |
| gnome | networkmanager | < 0.8.9997 | 0.8.9997 |
CVSS provenance
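| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
| vendor_debian | — | 2.1 | LOW | — |
| vendor_redhat | — | 2.1 | LOW | — |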
Red Hat
NetworkManager: Password to unlock the certificate is being logged
vendor_redhat·2011-05-29·CVSS 2.1
CVE-2011-1943 [LOW] NetworkManager: Password to unlock the certificate is being logged
Statement: Not vulnerable. This issue did not affect the versions of NetworkManager as
shipped with Red Hat Enterprise Linux 4, 5, or 6.
Debian
CVE-2011-1943: network-manager-openvpn - The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the Network...
vendor_debian·2011·CVSS 2.1
CVE-2011-1943 [LOW] CVE-2011-1943: network-manager-openvpn - The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the Network...
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
GHSA-5mpv-cwqv-8722: The destroy_one_secret function in nm-setting-vpn
ghsa_unreviewed·2022-05-13
CVE-2011-1943 [LOW] CWE-532 GHSA-5mpv-cwqv-8722: The destroy_one_secret function in nm-setting-vpn
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-1943 NetworkManager-openvpn: Password to unlock the certificate is being logged [fedora-all]
bugzilla·2011-06-01·CVSS 2.1
CVE-2011-1943 [LOW] CVE-2011-1943 NetworkManager-openvpn: Password to unlock the certificate is being logged [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=708876
Please note:
Bugzilla
CVE-2011-1943 NetworkManager-openvpn: Password to unlock the certificate is being logged [epel-all]
bugzilla·2011-06-01·CVSS 2.1
CVE-2011-1943 [LOW] CVE-2011-1943 NetworkManager-openvpn: Password to unlock the certificate is being logged [epel-all]
Bugzilla
CVE-2011-1943 NetworkManager: Password to unlock the certificate is being logged
bugzilla·2011-05-30·CVSS 2.1
CVE-2011-1943 [LOW] CVE-2011-1943 NetworkManager: Password to unlock the certificate is being logged
Description of problem:
Password to unlock certificate is logged to /var/log/messages
May 29 19:46:42 localhost NetworkManager[4791]: destroy_one_secret: destroying ********
Version-Release number of selected component (if applicable):
NetworkManager-openvpn-0.8.999-1.fc15.x86_64
Additional info:
I would love to have the option to type the password at connection time instead of it being stored, but adding the password to the system log is wrong.
Discussion:
Robert,
I can't find any related source code which could print 'destroy_one_secret: destroying'
---
The CVE identifier of CVE-2011-1943 has been assigned to this issue:
[1] http://www.openwall.com/lists/oss-security/2011/05/31/7
---
Created Net
Bugzilla
NetworkManager logs secrets!
bugzilla·2011-05-28
[HIGH] NetworkManager logs secrets!
Description of problem:
When activating or deactivating a VPN connection, NM puts connection secrets (passwords) in dmesg. This is what I found:
[ 51.092532] NetworkManager[930]: keyfile: parsing bla ...
[ 51.138031] NetworkManager[930]: destroy_one_secret: destroying
[ 51.138042] NetworkManager[930]: destroy_one_secret: destroying
[ 51.138053] NetworkManager[930]: keyfile: read connection 'bla'
Version-Release number of selected component (if applicable):
NM-0.8.999-3.git20110526.fc15
How reproducible:
Every time.
Steps to Reproduce:
1. Start or stop a VPN connection
2. tail dmesg
Discussion:
I confirm this. This bug is also mentioned in bug 703136.
---
Duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=708583 ?
---
Well, the verbose logging is
arXiv
NIFuzz: Estimating Quantified Information Flow with a Fuzzer
arxiv_fulltext·2025-01-24
Daniel Blackwell (ORCID 0000-0001-7320-9057), University College London, London, UK
Ingolf Becker (ORCID 0000-0002-3963-4743), University College London, London, UK
David Clark (ORCID 0000-0002-7004-934X), University College London, London, UK
## Abstract
This paper presents a scalable, practical approach to quantifying information leaks in software; these errors are often overlooked and downplayed, but can seriously compromise security mechanisms such as address space layout randomisation (ASLR) and Pointer Authentication (PAC). We introduce approaches for three different metrics to estimate the size of information leaks, including a new derivation for the calculation of conditional
http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=78ce088843d59d4494965bfc40b30a2e63d065f6
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061329.html
http://www.openwall.com/lists/oss-security/2011/05/31/6
http://www.openwall.com/lists/oss-security/2011/05/31/7
https://bugzilla.redhat.com/show_bug.cgi?id=708876
https://exchange.xforce.ibmcloud.com/vulnerabilities/68057