CVE-2022-3287 — Plaintext Storage of a Password in Fwupd

CWE-256 — Plaintext Storage of a Password CWE-552 — Files or Directories Accessible to External Parties5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 67.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fwupd Debian Fwupd

Timeline

PublishedSep 28

Latest updateSep 29

Description

When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶NVDfwupd/fwupd< 1.8.5

▶debiandebian/fwupd< fwupd 1.8.5-1 (bookworm)

▶Debianfwupd/fwupd< 1.8.5-1+2

▶CVEListV5fwupd/fwupdFixed in version 1.8.5

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-7qqr-wwjq-98v6: When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish↗2022-09-29

▶

OSV

CVE-2022-3287: When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish↗2022-09-28

▶

📋Vendor Advisories

Red Hat

fwupd: world readable password in /etc/fwupd/redfish.conf↗2022-09-22

▶

Debian

CVE-2022-3287: fwupd - When creating an OPERATOR user account on the BMC, the redfish plugin saved the ...↗2022

▶