Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:44061
HistoryOct 30, 2023 - 10:18 a.m.

Information Disclosure

2023-10-3010:18:25
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
15
libshadow.so
vulnerability
information disclosure
change_passwd
gpasswd.c
password field

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

7.1

Confidence

Low

EPSS

0

Percentile

10.3%

libshadow.so is vulnerable to Information Disclosure. The vulnerability exists in change_passwd function at gpasswd.c because the password field is not properly zeroed out if the confirmation fails.

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

7.1

Confidence

Low

EPSS

0

Percentile

10.3%