libstorage, libstorage-ng, and yast-storage improperly store passphrases for encrypted storage devices in a temporary file on disk, which might allow local users to obtain sensitive information by reading the file, as demonstrated by /tmp/libstorage-XXXXXX/pwdf.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
opensuse libstorage-ng - |
||
yast yast-storage - |
||
opensuse libstorage - |
||
opensuse leap 42.1 |