← back
CVE-2010-2387

CVE-2010-2387

EPSS 0.5%
vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changeshttps://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosurehttps://bugzilla.gnome.org/show_bug.cgi?id=571846http://secunia.com/advisories/40690http://secunia.com/advisories/40780https://exchange.xforce.ibmcloud.com/vulnerabilities/60642http://www.auscert.org.au/13123http://www.osvdb.org/66643