CVE-2020-14391
gnome-settings-daemon: Red Hat Customer Portal password logged and passed as command line argument when user registers through GNOME control center
Public Exploits: 0
Exploited in Wild: -
Descriptions
A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The highest threat from this vulnerability is to confidentiality.
A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The greatest threat from this vulnerability is to confidentiality.
A flaw was found in the GNOME Control Center, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The highest threat from this vulnerability is to confidentiality.
SSVC
- Decision:-
Timeline
- 2020-06-17 CVE Reserved
- 2020-11-04 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-522: Insufficiently Protected Credentials
References (2)
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1873093 | 2021-01-26 | |
https://access.redhat.com/security/cve/CVE-2020-14391 | 2021-01-26 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Gnome | Control Center | - | - | Affected | in | Redhat | Enterprise Linux | 8.0 | - | Safe |
Gnome | Control Center | - | - | Affected | in | Redhat | Enterprise Linux Aus | 8.2 | - | Safe |
Gnome | Control Center | - | - | Affected | in | Redhat | Enterprise Linux Eus | 8.2 | - | Safe |
Gnome | Control Center | - | - | Affected | in | Redhat | Enterprise Linux Tus | 8.2 | - | Safe |