An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.) References: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997
Created gnome-shell tracking bugs for this issue: Affects: fedora-all [bug 1868419]
Mitigation: Do not use the "view password" context menu option when logging into gnome-shell.
Statement: This flaw does not affect gnome-shell as shipped with Red Hat Enterprise Linux 6 or 7. For 6, there is no option to view the password in the clear at login, and for 7, the login screen is killed upon login.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1814 https://access.redhat.com/errata/RHSA-2022:1814
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-17489