PT-2020-15023 · Gnome+8 · Gnome Shell+8

Published

2020-08-11

Updated

2024-06-15

CVE-2020-17489

CVSS v3.1

4.3

Medium

Vector

AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions GNOME gnome-shell versions 3.36.4 and earlier

Description An issue was discovered in certain configurations of GNOME gnome-shell. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. If the password were never shown in cleartext, only the password length is revealed.

Recommendations For versions 3.36.4 and earlier, update to a version later than 3.36.4 to resolve the issue. As a temporary workaround, consider disabling the password reveal feature in the login dialog to minimize the risk of password exposure.

Exploit

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

ALSA-2022:1814

ALT-PU-2020-2635

CESA-2022_1814

CVE-2020-17489

DLA-2374-1

MGASA-2021-0316

OESA-2021-1152

OPENSUSE-SU-2020:1861-1

OPENSUSE-SU-2020_1861-1

OPENSUSE-SU-2024:10797-1

RHSA-2022:1814

RHSA-2022_1814

RLSA-2022:1814

SUSE-SU-2020:3132-1

SUSE-SU-2020_3132-1

USN-4464-1

Affected Products

Alt Linux

Almalinux

Centos

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

Gnome Shell

PT-2020-15023 · Gnome+8 · Gnome Shell+8

CVE-2020-17489

Weakness Enumeration

Related Identifiers

Affected Products

References · 43