PT-2013-1493 · Suse · Yast2-Network

Published

2013-12-02

Updated

2018-10-30

CVE-2012-0425

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions yast2-network versions prior to 2.24.4

Description The issue allows context-dependent attackers to obtain sensitive information by reading the WIRELESS WPA PASSWORD or WIRELESS CLIENT KEY PASSWORD field from the y2log log file. This occurs because cleartext Wi-Fi credentials are written to the log file.

Recommendations For versions prior to 2.24.4, update to version 2.24.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the y2log log file to minimize the risk of exploitation.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2012-0425

Affected Products

Yast2-Network

PT-2013-1493 · Suse · Yast2-Network

CVE-2012-0425

Weakness Enumeration

Related Identifiers

Affected Products

References · 3