CVE-2012-0425

Published: Dec 2, 2013Modified: Apr 29, 2026

7.8

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability: 10.0 / Impact: 6.9

Source: NVD

Description

LanItems.ycp in save_y2logs in yast2-network before 2.24.4 in SUSE YaST writes cleartext Wi-Fi credentials to the y2log log file, which allows context-dependent attackers to obtain sensitive information by reading the (1) WIRELESS_WPA_PASSWORD or (2) WIRELESS_CLIENT_KEY_PASSWORD field.

Affected (1)

Products: Opensuse: Opensuse

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 12.1

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://bugzilla.novell.com/show_bug.cgi?id=752464

Source: cve@mitre.org

https://support.novell.com/security/cve/CVE-2012-0425.html

Source: cve@mitre.org

Vendor Advisory

https://bugzilla.novell.com/show_bug.cgi?id=752464

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.novell.com/security/cve/CVE-2012-0425.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.