LanItems.ycp in save_y2logs in yast2-network prior to 2.24.4 in SUSE YaST writes cleartext Wi-Fi credentials to the y2log log file, which allows context-dependent malicious users to obtain sensitive information by reading the (1) WIRELESS_WPA_PASSWORD or (2) WIRELESS_CLIENT_KEY_PASSWORD field.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
opensuse opensuse 12.1 |