systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.
Metrics
Affected Vendors & Products
References
History
Thu, 24 Oct 2024 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | NVD-CWE-noinfo | |
Metrics |
cvssV3_1
|
cvssV3_1
|
Thu, 17 Oct 2024 02:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_0
|
cvssV3_0
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-05-17T03:39:01
Updated: 2024-08-05T12:12:29.348Z
Reserved: 2019-05-16T00:00:00
Link: CVE-2018-20839
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-05-17T04:29:00.933
Modified: 2024-11-21T04:02:17.040
Link: CVE-2018-20839
Redhat