EulerOS Virtualization 3.0.6.0 : shadow-utils (EulerOS-SA-2024-1705)

According to the versions of the shadow-utils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fail...

Huawei EulerOS: Security Advisory for shadow-utils (EulerOS-SA-2024-1705)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 6 : shadow-utils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - shadow-utils: possible password leak during passwd1 change CVE-2023-4641 Note that Nessus has not tested for this...

RHEL 7 : shadow-utils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - shadow-utils: possible password leak during passwd1 change CVE-2023-4641 Note that Nessus has not tested for this...

Low: Red Hat Security Advisory: shadow-utils security update

An update for shadow-utils is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

RHEL 8 : shadow-utils (RHSA-2024:2577)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2577 advisory. The shadow-utils packages include programs for converting UNIX password files to the shadow password format, as well as utilities for managing user a...

The vulnerability of the shadow-utils package, related to incorrect authentication, allows a hacker to gain unauthorized access to user passwords.

The vulnerability of the shadow-utils package is related to the double password request and the lack of buffer memory cleanup. Exploiting this vulnerability can allow an attacker to gain unauthorized access to user passwords...

ROS-20240409-07

A vulnerability in the shadow-utils package is related to requesting the password twice and not clearing the memory buffer. Exploitation of the vulnerability could allow an attacker to gain access to the device...

EulerOS 2.0 SP8 : shadow-utils (EulerOS-SA-2024-1298)

According to the versions of the shadow-utils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second...

Huawei EulerOS: Security Advisory for shadow-utils (EulerOS-SA-2024-1298)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : shadow vulnerability (USN-6640-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6640-1 advisory. It was discovered that shadow was not properly sanitizing memory when running the password utility. An...

RHEL 8 : shadow-utils (RHSA-2024:0417)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0417 advisory. The shadow-utils packages include programs for converting UNIX password files to the shadow password format, as well as utilities for managing user a...

EulerOS 2.0 SP11 : shadow (EulerOS-SA-2023-3020)

According to the versions of the shadow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second...

EulerOS 2.0 SP10 : shadow (EulerOS-SA-2023-3231)

According to the versions of the shadow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second...

EulerOS Virtualization 2.9.0 : shadow (EulerOS-SA-2024-1022)

According to the versions of the shadow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on t...

Huawei EulerOS: Security Advisory for shadow (EulerOS-SA-2024-1022)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-4641

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from...

AZL-32253 CVE-2023-4641 affecting package shadow-utils for versions less than 4.9-14

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from...

Default credentials

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from...

CVE-2023-4641

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from...