Main Vulnerability Database SB2013120201

SB2013120201 - Information disclosure in Novell Opensuse

Published: December 2, 2013 Updated: August 10, 2020

Security Bulletin ID SB2013120201

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Information disclosure (CVE-ID: CVE-2012-0425)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

LanItems.ycp in save_y2logs in yast2-network before 2.24.4 in SUSE YaST writes cleartext Wi-Fi credentials to the y2log log file, which allows context-dependent attackers to obtain sensitive information by reading the (1) WIRELESS_WPA_PASSWORD or (2) WIRELESS_CLIENT_KEY_PASSWORD field.

Remediation

Install update from vendor's website.

References

https://bugzilla.novell.com/show_bug.cgi?id=752464
https://support.novell.com/security/cve/CVE-2012-0425.html