Information disclosure in Gnome Networkmanager

CVE-2011-1943

The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive informat…

EPSS: 0.000 (13.3th percentile) — read the EPSS interpretation.

Affected products

Gnome Networkmanager
Fedoraproject Fedora — versions 15
N/a — versions n/a

Weakness classification (CWE)

CWE-532 — Insertion of Sensitive Information into Log File

References

secalert@redhat.com (x_refsource_CONFIRM, Patch, Third Party Advisory, Issue Tracking)
networkmanager-secret-info-disclosure(68057) (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_XF)
[oss-security] 20110531 CVE request: NetworkManager-openvpn logs cert password (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
FEDORA-2011-7919 (x_refsource_FEDORA, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Third Party Advisory)
[oss-security] 20110531 Re: CVE request: NetworkManager-openvpn logs cert password (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)