Red Hat Bugzilla – Bug 911121
CVE-2013-4217 wimax (OSAL crypt module): By setting encrypted password writes unencrypted passwords to log files
Last modified: 2015-02-19 04:23:09 EST
InfraStack/OSDependent/Linux/OSAL/Services/wimax_osal_crypt_services.c seems to write unencrypted passwords to the log file.
A security flaw was found in the way the OSAL crypt module of WiMAX, a user space daemon for the Intel 2400m Wireless WiMAX link, used to perform its internal encrypted password setting action (a failed attempt to set the encrypted password was logged into the WiMAX's log file with the provided password logged in plaintext form). A local attacker could use this flaw to obtain sensitive information or conduct unauthorized actions on behalf of the user setting the encrypted password.
This issue was found by Florian Weimer of the Red Hat Product Security Team.
Created wimax tracking bugs for this issue:
Affects: fedora-all [bug 995160]
The CVE identifier of CVE-2013-4217 has been assigned to this issue:
Only Fedora 19 shipped the wimax packages, and it is now EOL.
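The failure path described in this report, sketched as an added example (not code from wimax_osal_crypt_services.c or the WiMAX project): a password-setting routine whose error branch logs the supplied password, next to a version that logs only the return code and buffer size. Every function name, the in-memory log buffer and the sample password are hypothetical and constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical in-memory sink standing in for the daemon's log file. */
static char g_log[256];
const char *last_log(void) { return g_log; }

static void log_msg(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(g_log, sizeof g_log, fmt, ap);
    va_end(ap);
}

/* Hypothetical stand-in for the encryption step: fails when the output
 * buffer is too small. No real crypto; only the failure path matters. */
static int encrypt_password(const char *pw, char *out, size_t out_len)
{
    if (strlen(pw) + 1 > out_len)
        return -1;
    memset(out, 0, out_len);
    return 0;
}

/* Vulnerable pattern: the error branch formats the caller's secret. */
int set_password_vulnerable(const char *pw, char *out, size_t out_len)
{
    int rc = encrypt_password(pw, out, out_len);
    if (rc != 0)
        log_msg("set encrypted password failed for '%s'", pw);
    return rc;
}

/* Hardened pattern: log what failed, never the secret or data derived from it. */
int set_password_hardened(const char *pw, char *out, size_t out_len)
{
    int rc = encrypt_password(pw, out, out_len);
    if (rc != 0)
        log_msg("set encrypted password failed: rc=%d, buffer=%zu bytes", rc, out_len);
    return rc;
}

int main(void)
{
    char out[4]; /* deliberately too small, to force the failure branch */
    set_password_vulnerable("hunter2-constructed", out, sizeof out); puts(last_log());
    set_password_hardened("hunter2-constructed", out, sizeof out); puts(last_log());
    return 0;
}
```

The same check works as a regression test: force the failure branch with a known marker string and assert that the marker never appears in the log output.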