It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered.
References
Link | Resource |
---|---|
https://aliceandbob.company/the-human-factor-in-an-economy-of-scale/ | |
https://github.com/CanonicalLtd/subiquity/commit/7db70650feaf513d7fb6f1ca07f2d670a0890613 | Patch Third Party Advisory |
Configurations
History
No history.
Information
Published : 2020-05-13 01:15
Updated : 2024-02-28 17:47
NVD link : CVE-2020-11932
Mitre link : CVE-2020-11932
CVE.ORG link : CVE-2020-11932
JSON object : View
Products Affected
canonical
- subiquity
CWE
CWE-532
Insertion of Sensitive Information into Log File