← Back

CVE-2020-17489

nvd nist
Published: Aug 11, 2020Modified: Nov 21, 2024

JSON object

Loading...
4.3
Vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 0.7 / Impact: 3.6
Source: NVD

Description

An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)

Affected (4)

Show all products
Gnome: Gnome Shell · Canonical: Ubuntu Linux · Debian: Debian Linux · Opensuse: Leap
Gnome
1 product
Gnome Shell
Canonical
1 product
Ubuntu Linux
Debian
1 product
Debian Linux
Opensuse
1 product
Leap
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Gnome Shell
Up to 3.36.4
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Ubuntu Linux
Version 20.04
Debian Linux
Version 9.0
Leap
Version 15.2

Related CWEs

CWE-522
Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (10)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
ExploitPatchVendor Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.