CVE-2023-4641

Medium

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second…

redhat·CWE-303·Published 2023-12-27

CVSS

5.5

EPSS

0.00

KEV

Exploits

cve.orgen

309 chars

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.

NVDen

309 chars

NVDes

335 chars

Se encontró una falla en Shadow-Utils. Al solicitar una nueva contraseña, Shadow-Utils la solicita dos veces. Si la contraseña falla en el segundo intento, Shadow-Utils no logra limpiar el búfer utilizado para almacenar la primera entrada. Esto puede permitir que un atacante con suficiente acceso recupere la contraseña de la memoria.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
3.1	Primary	cve.org	4.7	—	—	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N