2 matches found
The vulnerability of fwupd, a daemon used for managing firmware updates in Linux-based systems, allows an attacker to access confidential information.
The vulnerability of fwupd for managing firmware updates in Linux-based systems is related to the storage of automatically generated passwords in /etc/fwupd/redfish.conf without proper restrictions. Exploiting this vulnerability allows a remote attacker to access confidential information...
fwupd: world readable password in /etc/fwupd/redfish.conf
A flaw was found in fwupd. When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file...