CVE-2018-20781: Insufficiently Protected Credentials in Keyring

Severity: 7.8 HIGH (NVD)
EPSS: 4.6% (top 10.68%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Feb 12
Latest update: May 13

Description

In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages: 3 packages

Also affects: Ubuntu Linux 14.04, 16.04

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-rqh7-8g2w-wcqc: In pam/gkr-pam-module (2022-05-13)
OSV: CVE-2018-20781: In pam/gkr-pam-module (2019-02-12)
CVEList: CVE-2018-20781: In pam/gkr-pam-module (2019-02-12)

🔍 Detection Rules (1)

Elastic: Potential Linux Credential Dumping via Proc Filesystem

📋 Vendor Advisories (3)

Ubuntu: GNOME Keyring vulnerability (2019-02-26)
Debian: CVE-2018-20781: gnome-keyring - In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is k... (2018)
Red Hat: gnome-keyring: user's login credentials is kept in a session-child process resulting in exposed plaintext password (2017-04-19)

💬 Community (2)

Bugzilla: CVE-2018-20781 gnome-keyring: user's login credentials is kept in a session-child process resulting in exposed plaintext password (2019-02-14)
Bugzilla: CVE-2018-20781 libgnome-keyring: gnome-keyring: user's login credentials is kept in a session-child process resulting in exposed plaintext password [fedora-all] (2019-02-14)