Insecure Logging of Passwords in yast2-rmt of SUSE Linux Enterprise Server 15 and openSUSE Leap

Insecure Logging of Passwords in yast2-rmt of SUSE Linux Enterprise Server 15 and openSUSE Leap

CVE-2018-20105 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2. openSUSE Leap yast2-rmt versions prior to 1.2.2.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.