systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.
History

Thu, 24 Oct 2024 18:00:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}


Thu, 17 Oct 2024 02:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_0

{'score': 6.4, 'vector': 'CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}

cvssV3_0

{'score': 4.3, 'vector': 'CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-05-17T03:39:01

Updated: 2024-08-05T12:12:29.348Z

Reserved: 2019-05-16T00:00:00

Link: CVE-2018-20839

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-05-17T04:29:00.933

Modified: 2024-11-21T04:02:17.040

Link: CVE-2018-20839

cve-icon Redhat

Severity : Moderate

Publid Date: 2019-05-17T00:00:00Z

Links: CVE-2018-20839 - Bugzilla