Vulnerabilities > CVE-2010-2387 - Credentials Management vulnerability in Gnome Display Manager

CVSS 1.9 - LOW

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

gnome

CWE-255

NVD

Published: 2012-12-21

Updated: 2017-08-17

Summary

vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.

Vulnerable Configurations

Part	Description	Count
Application	Gnome Gnome Gnome Display Manager 2.20.0 Gnome Gnome Display Manager 2.20.1 Gnome Gnome Display Manager 2.20.2 Gnome Gnome Display Manager 2.20.3 Gnome Gnome Display Manager 2.20.4 Gnome Gnome Display Manager 2.20.5 Gnome Gnome Display Manager 2.20.6 Gnome Gnome Display Manager 2.20.7 Gnome Gnome Display Manager 2.20.8 Gnome Gnome Display Manager 2.20.9 Gnome Gnome Display Manager 2.20.10	11

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References