CVE-2022-0555
https://notcve.org/view.php?id=CVE-2022-0555
Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions • https://bugs.launchpad.net/subiquity/+bug/1960162 https://github.com/canonical/subiquity/pull/1181 https://github.com/canonical/subiquity/pull/1182 https://www.cve.org/CVERecord?id=CVE-2022-0555 • CWE-256: Plaintext Storage of a Password
CVE-2023-5182
https://notcve.org/view.php?id=CVE-2023-5182
Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege. • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5182 https://github.com/canonical/subiquity/pull/1820/commits/62e126896fb063808767d74d00886001e38eaa1c • CWE-532: Insertion of Sensitive Information into Log File
CVE-2020-11932 – Subiquity server installer logged LUKS full disk encryption password
https://notcve.org/view.php?id=CVE-2020-11932
It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered. • https://github.com/ProjectorBUg/CVE-2020-11932 https://github.com/Staubgeborener/CVE-2020-11932 https://github.com/code-developers/CVE-2020-11932 https://aliceandbob.company/the-human-factor-in-an-economy-of-scale https://github.com/CanonicalLtd/subiquity/commit/7db70650feaf513d7fb6f1ca07f2d670a0890613 • CWE-532: Insertion of Sensitive Information into Log File