CVE-2020-11932
Subiquity server installer logged LUKS full disk encryption password
In short
The Subiquity Ubuntu Server installer accidentally recorded the LUKS disk encryption password in its logs. This means the password could be exposed if someone accessed the installer logs, compromising the security of the encrypted disk.
Technical detail
CWE-532 (Insertion of Sensitive Information into Log File): the LUKS full disk encryption passphrase entered during installation was written in plaintext to the installer's log files. Anyone able to read those logs can recover the passphrase and unlock the encrypted volume, so the disk encryption gives no protection against that reader. The CVSS vector below rates the issue as local access with high privileges, i.e. the attacker must already be able to read the installer's logs. Only installations where LUKS encryption was configured through an affected version of the installer are exposed. Updating the installer does not undo a passphrase that was already logged: on such systems, change the LUKS passphrase (for example with cryptsetup luksChangeKey) and remove or scrub the affected logs.
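The logging mistake behind CWE-532 and its fix, as an added example in Python (subiquity's language). This is not subiquity's own code: the curtin-style storage action list, the key names treated as secret, and the helper names are assumptions made for the illustration. The block contrasts logging the raw config with logging a redacted copy, and includes a small checker that, given the passphrase, reports which log lines expose it, which is how one would confirm whether an existing installer log is affected.

```python
"""CWE-532 illustration: an installer dumping a storage config that carries
a LUKS passphrase into a debug log, beside the redacting variant.
Added example, not subiquity's or curtin's code."""
import io
import logging

# Key names treated as secret. Assumption for this example; the real
# subiquity/curtin config layout is not reproduced here.
SENSITIVE_KEYS = {"key", "password", "passphrase"}
REDACTED = "<redacted>"


def redact(obj):
    """Return a copy of obj with every value under a sensitive key replaced."""
    if isinstance(obj, dict):
        return {k: (REDACTED if k.lower() in SENSITIVE_KEYS else redact(v))
                for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact(v) for v in obj]
    return obj


def _capture(fn, config):
    """Run fn(config, logger) against an in-memory DEBUG handler; return the log text."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    logger = logging.getLogger("installer.example." + fn.__name__)
    logger.propagate = False
    logger.setLevel(logging.DEBUG)
    logger.addHandler(handler)
    try:
        fn(config, logger)
    finally:
        logger.removeHandler(handler)
    return buf.getvalue()


def log_storage_config_unsafe(config, logger):
    """Vulnerable pattern: the whole action list, passphrase included, hits the log."""
    logger.debug("applying storage config: %r", config)


def log_storage_config_safe(config, logger):
    """Hardened pattern: redact before the value reaches any log handler."""
    logger.debug("applying storage config: %r", redact(config))


def lines_exposing_secret(log_text, secret):
    """1-based line numbers in log_text that contain the secret verbatim.
    Run this over a real installer log, with the passphrase, to check exposure."""
    return [n for n, line in enumerate(log_text.splitlines(), 1) if secret in line]


# Constructed sample input: a curtin-style dm_crypt action (layout is an assumption).
SAMPLE_PASSPHRASE = "correct horse battery staple"
SAMPLE_CONFIG = [
    {"type": "partition", "id": "sda2", "device": "sda", "size": "500G"},
    {"type": "dm_crypt", "id": "dm_crypt-0", "volume": "sda2", "key": SAMPLE_PASSPHRASE},
]


def unsafe_log_text():
    return _capture(log_storage_config_unsafe, SAMPLE_CONFIG)


def safe_log_text():
    return _capture(log_storage_config_safe, SAMPLE_CONFIG)


if __name__ == "__main__":
    print("unsafe log exposes passphrase on lines:",
          lines_exposing_secret(unsafe_log_text(), SAMPLE_PASSPHRASE))
    print("safe log exposes passphrase on lines:",
          lines_exposing_secret(safe_log_text(), SAMPLE_PASSPHRASE))
```

Redacting at the point where the config is formatted, rather than relying on handler configuration, is what keeps the passphrase out of every sink (console, file, crash reports) at once; `redact` returns a copy so the live config still carries the real key for the encryption step.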
It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered.
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Affected products
Canonical · Subiquity