Download
| Alert*
oval:org.secpod.oval:def:704632
gnome-keyring is installed oval:org.secpod.oval:def:52137 gnome-keyring: GNOME keyring services GNOME Keyring could be made to expose sensitive information. oval:org.secpod.oval:def:704653 gnome-keyring: GNOME keyring services GNOME Keyring could be made to expose sensitive information. oval:org.secpod.oval:def:2001594 In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user"s password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext. oval:org.secpod.oval:def:1900150 GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms are not used. oval:org.secpod.oval:def:2001333 GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms are not used. |