Bug 911121 (CVE-2013-4217)
Summary: | CVE-2013-4217 wimax (OSAL crypt module): By setting encrypted password writes unencrypted passwords to log files | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Florian Weimer <fweimer> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED EOL | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | dcbw, jlieskov, jrusnack, rkhan |
Target Milestone: | --- | Keywords: | Reopened, Security |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-02-17 16:48:20 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 995160 | ||
Bug Blocks: | 909233 |
Description
Florian Weimer
2013-02-14 12:40:11 UTC
A security flaw was found in the way OSAL crypt module of WiMAX, an user space daemon for the Intel 2400m Wireless WiMAX link, used to perform its internal encrypted password setting action (a failed attempt to set the encrypted password was logged into the WiMAX's log file with provided password logged in plaintext form). A local attacker could use this flaw to obtain sensitive information or conduct unauthorized actions on behalf of the user setting the encrypted password. Acknowledgements: This issue was found by Florian Weimer of Red Hat Product Security Team. Created wimax tracking bugs for this issue: Affects: fedora-all [bug 995160] The CVE identifier of CVE-2013-4217 has been assigned to this issue: http://www.openwall.com/lists/oss-security/2013/08/08/17 Only Fedora 19 shipped the wimax packages, and it is now EOL. |