RHEL 5 : gdm (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - gdm: logs user passwors that contain invalid UTF8-encoded characters, in debug mode CVE-2010-2387 Note that Nessus...

Design/Logic Flaw

vicious-extensions/ve-misc.c in GNOME Display Manager gdm 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs...