PT-2018-14941 · Gnome+2 · Gnome Keyring+2

Published: 2018-11-18 · Updated: 2024-08-05 · CVE-2018-19358

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

GNOME Keyring versions prior to 3.28.2

Description

The issue allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked. This occurs because available D-Bus protection mechanisms are not used. The vendor disputes this issue, citing that untrusted applications must not be allowed to access the user's session bus socket.

Recommendations

For GNOME Keyring versions prior to 3.28.2, consider restricting access to the D-Bus interface to minimize the risk of exploitation. As a temporary workaround, restrict the use of the Secret Service API call until a patch is available.

Related Identifiers

ALT-PU-2019-1457
CVE-2018-19358

Affected Products

Alt Linux
Debian
Gnome Keyring