CVE-2018-20781

Priority
Description
In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password
is kept in a session-child process spawned from the LightDM daemon. This
can expose the credential in cleartext.
Assigned-to
mdeslaur
Notes
Package
Upstream:released (3.28.0-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [3.10.1-1ubuntu4.4])
Ubuntu 16.04 LTS (Xenial Xerus):released (3.18.3-0ubuntu2.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (3.28.0.2-1ubuntu1.18.04.1)
Patches:
Upstream:https://gitlab.gnome.org/GNOME/gnome-keyring/commit/9db67ef6e39ac51d426dee91da3b9305670241e6
More Information

Updated: 2020-07-28 20:04:52 UTC (commit d26b6ca9f5b3adb89bb036ce73ae7dab894935ec)