Information Disclosure in NetworkManager by Fedora
CVE-2011-1943

Currently unrated

Key Information:

Vendor: Gnome
Status: Networkmanager
Vendor: CVE Published:; 14 June 2011

Summary

The destroy_one_secret function in the NetworkManager package contains a vulnerability that results in unintended exposure of sensitive information. Specifically, it generates a log entry that includes a certificate password, enabling local users to gain unauthorized access to this sensitive data by simply reading the log file. This issue underscores the importance of implementing robust logging practices to protect sensitive information from unauthorized access.

References

https://bugzilla.redhat.com/show_bug.cgi?id=708876

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/68057

vdb-entryx_refsource_XF

http://www.openwall.com/lists/oss-security/2011/05/31/6

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Jun 14, 2011
Vulnerability Reserved
May 9, 2011