CVE-2018-20839
published 2019-05-17CVE-2018-20839: systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or…
PriorityP419medium4.3CVSS 3.1
AVPACLPRNUIRSUCHINAN
EPSS
2.48%
82.6th percentile
systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | plymouth | < plymouth 0.9.4-1 (bookworm) | plymouth 0.9.4-1 (bookworm) |
| systemd_project | systemd | — | — |
CVSS provenance
nvdv3.14.3MEDIUMCVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
osv4.3MEDIUM
vendor_debian4.3LOW
vendor_redhat4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker
vendor_redhat·2019-05-17·CVSS 4.3
CVE-2018-20839 [MEDIUM] CWE-200 systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker
systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker
systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.
The issue arises from the way systemd handles user passwords during the boot process. Specifically, passwords entered on the console during the system boot (e.g., for unlocking encrypted disks or logging in) could be logged in plaintext if certain conditions are met.
Statement: This vulnerability is rated as moderate rather than important because its exploitation requires specific local conditions tha
Debian
CVE-2018-20839: plymouth - systemd 242 changes the VT1 mode upon a logout, which allows attackers to read c...
vendor_debian·2018·CVSS 4.3
CVE-2018-20839 [MEDIUM] CVE-2018-20839: plymouth - systemd 242 changes the VT1 mode upon a logout, which allows attackers to read c...
systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.
Scope: local
bookworm: resolved (fixed in 0.9.4-1)
bullseye: resolved (fixed in 0.9.4-1)
forky: resolved (fixed in 0.9.4-1)
sid: resolved (fixed in 0.9.4-1)
trixie: resolved (fixed in 0.9.4-1)
GHSA
GHSA-5cwj-wmj7-j224: systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdo
ghsa_unreviewed·2022-05-24
CVE-2018-20839 [CRITICAL] CWE-200 GHSA-5cwj-wmj7-j224: systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdo
systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.
OSV
CVE-2018-20839: systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdo
osv·2019-05-17·CVSS 4.3
CVE-2018-20839 [MEDIUM] CVE-2018-20839: systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdo
systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-20839 systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker [fedora-all]
bugzilla·2019-06-04·CVSS 4.3
CVE-2018-20839 [MEDIUM] CVE-2018-20839 systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker [fedora-all]
CVE-2018-20839 systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg c
Bugzilla
CVE-2018-20839 systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker
bugzilla·2019-06-04·CVSS 4.3
CVE-2018-20839 [MEDIUM] CVE-2018-20839 systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker
CVE-2018-20839 systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker
systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.
Ubuntu bug report:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993
Upstream commit:
https://github.com/systemd/systemd/pull/12378
Discussion:
Created systemd tracking bugs for this issue:
Affects: fedora-all [bug 1716956]
---
The fix implemented in [1] seems to cause a regression, which was reported upstream at [2]. It is still not clear what the right fix for this
Wiz
What Is DevOps Security? Implement, Challenges, Best Practices | Wiz
blogs_wiz·2024-12-02
What Is DevOps Security? Implement, Challenges, Best Practices | Wiz
## What is DevOps security?
DevOps security integrates security practices within the DevOps process from inception through development, deployment, and operations. It breaks down traditional silos between development, operations, and security teams, promoting a culture of security across all phases of the software development lifecycle (SDLC).
- In its early stages, DevOps focused primarily on integrating development and operations teams to improve the software development process.
- Over time, the scope of DevOps expanded to include security (especially when it comes to cloud platforms like AWS, Azure, and Google Cloud), giving rise to the term "DevSecOps."
- This integration marks a significant paradigm shift, emphasizing a comprehensive approach where security measures, championed by
http://www.securityfocus.com/bid/108389https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322fhttps://github.com/systemd/systemd/pull/12378https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3Ehttps://security.netapp.com/advisory/ntap-20190530-0002/http://www.securityfocus.com/bid/108389https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322fhttps://github.com/systemd/systemd/pull/12378https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3Ehttps://security.netapp.com/advisory/ntap-20190530-0002/
2019-05-17
Published