SUSE · SUSE Linux Enterprise Server · CVE-2018-20105
Name of the Vulnerable Software and Affected Versions:
SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2
openSUSE Leap yast2-rmt versions prior to 1.2.2
Description:
A vulnerability in yast2-rmt allows local attackers who can access the log file to learn the password. The issue stems from sensitive information being included in log files.
Recommendations:
For SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2, update to version 1.2.2 or later.
For openSUSE Leap yast2-rmt versions prior to 1.2.2, update to version 1.2.2 or later.
As a temporary workaround, consider restricting access to the log files to minimize the risk of exploitation.