yast2-users prior to 3.1.47, as used in SUSE Linux Enterprise 12 SP1, does not properly set empty password fields in /etc/shadow during an AutoYaST installation when the profile does not contain inst-sys users, which might allow malicious users to have unspecified impact via unknown vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
suse yast2 |