CVE-2012-0425

Name of the Vulnerable Software and Affected Versions yast2-network versions prior to 2.24.4

Description The issue allows context-dependent attackers to obtain sensitive information by reading the WIRELESS WPA PASSWORD or WIRELESS CLIENT KEY PASSWORD field from the y2log log file. This occurs because cleartext Wi-Fi credentials are written to the log file.

Recommendations For versions prior to 2.24.4, update to version 2.24.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the y2log log file to minimize the risk of exploitation.