PT-2021-9725 · Red Hat · Red Hat Enterprise Linux 8
Published: 2020-09-08 · Updated: 2023-02-12
CVE-2020-14391
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Red Hat Enterprise Linux 8 versions prior to 8.2
Description
A flaw was found in the GNOME Control Center where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The highest threat from this vulnerability is to confidentiality.
Recommendations
For Red Hat Enterprise Linux 8 versions prior to 8.2, update to version 8.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the GNOME Settings User Interface to minimize the risk of exploitation. Avoid using the Red Hat Customer Portal credentials in the affected interface until the issue is resolved.
Weakness Enumeration
Insufficiently Protected Credentials
Affected Products
AlmaLinux
CentOS
Red Hat
Red Hat Enterprise Linux 8
Rocky Linux