Common Vulnerabilities and Exposures assigned an identifier CVE-2010-2387 to the following vulnerability: Name: CVE-2010-2387 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2387 Assigned: 20100621 Reference: http://ftp.gnome.org/pub/GNOME/sources/gdm/2.20/gdm-2.20.11.changes Reference: https://blogs.oracle.com/sunsecurity/entry/cve_2010_2387_password_disclosure Reference: https://bugzilla.gnome.org/show_bug.cgi?id=571846 Reference: AUSCERT:ASB-2010.0184 Reference: http://www.auscert.org.au/13123 Reference: OSVDB:66643 Reference: http://www.osvdb.org/66643 Reference: SECUNIA:40690 Reference: http://secunia.com/advisories/40690 Reference: SECUNIA:40780 Reference: http://secunia.com/advisories/40780 Reference: XF:solaris-gdm-information-disclosure(60642) Reference: http://xforce.iss.net/xforce/xfdb/60642 vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs. Statement: This is not a vulnerability. Red Hat Enterprise Linux does not have /var/log/messages world-readable, nor is GDM run in debug mode; both are requirements for this to be considered a flaw.