Bug 911121 (CVE-2013-4217) - CVE-2013-4217 wimax (OSAL crypt module): By setting encrypted password writes unencrypted passwords to log files
Summary: CVE-2013-4217 wimax (OSAL crypt module): By setting encrypted password writes...
Alias: CVE-2013-4217
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 995160
Blocks: 909233
TreeView+ depends on / blocked
Reported: 2013-02-14 12:40 UTC by Florian Weimer
Modified: 2023-05-12 21:33 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2015-02-17 16:48:20 UTC

Attachments (Terms of Use)

Description Florian Weimer 2013-02-14 12:40:11 UTC
InfraStack/OSDependent/Linux/OSAL/Services/wimax_osal_crypt_services.c seems to write unencrypted passwords to the log file.

Comment 5 Jan Lieskovsky 2013-08-08 15:46:00 UTC
A security flaw was found in the way OSAL crypt module of WiMAX, an user space daemon for the Intel 2400m Wireless WiMAX link, used to perform its internal encrypted password setting action (a failed attempt to set the encrypted password was logged into the WiMAX's log file with provided password logged in plaintext form). A local attacker could use this flaw to obtain sensitive information or conduct unauthorized actions on behalf of the user setting the encrypted password.

Comment 6 Jan Lieskovsky 2013-08-08 16:45:28 UTC

This issue was found by Florian Weimer of Red Hat Product Security Team.

Comment 7 Jan Lieskovsky 2013-08-08 16:47:45 UTC
Created wimax tracking bugs for this issue:

Affects: fedora-all [bug 995160]

Comment 8 Jan Lieskovsky 2013-08-08 16:56:59 UTC
CVE Request:

Comment 9 Jan Lieskovsky 2013-08-09 07:20:41 UTC
The CVE identifier of CVE-2013-4217 has been assigned to this issue:

Comment 10 Florian Weimer 2015-02-17 16:48:20 UTC
Only Fedora 19 shipped the wimax packages, and it is now EOL.

Note You need to log in before you can comment on or make changes to this bug.