Launchpad CVE tracker

CVE 2018-20781

In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.

Related bugs and status

CVE-2018-20781 (Candidate) is related to these bugs:

Bug #1772919: pam-gnome-keyring.so reveals user’s password credential as a plaintext form

		In	Importance	Status
1772919	pam-gnome-keyring.so reveals user’s password credential as a plaintext form	gnome-keyring (Ubuntu)	Undecided	Fix Released
1772919	pam-gnome-keyring.so reveals user’s password credential as a plaintext form	gnome-keyring (Ubuntu Xenial)	Undecided	Fix Released
1772919	pam-gnome-keyring.so reveals user’s password credential as a plaintext form	gnome-keyring (Ubuntu Trusty)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2018-20781

References