Your submission was sent successfully! Close

CVE-2018-20781

Published: 12 February 2019

In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
gnome-keyring
Launchpad, Ubuntu, Debian
Upstream
Released (3.28.0-1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(3.28.0.2-1ubuntu1.18.04.1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (3.18.3-0ubuntu2.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [3.10.1-1ubuntu4.4])
Patches:
Upstream: https://gitlab.gnome.org/GNOME/gnome-keyring/commit/9db67ef6e39ac51d426dee91da3b9305670241e6