First published: Fri May 17 2019
systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
systemd | =242 | |
All of | | |
NetApp CN1610 | | |
NetApp CN1610 Firmware | | |
NetApp SnapProtect | | |
NetApp SolidFire & HCI Management Node | | |
The vulnerability ID for this vulnerability is CVE-2018-20839.
The severity of CVE-2018-20839 is critical with a score of 9.8.
CVE-2018-20839 allows attackers to read cleartext passwords because systemd changes the VT1 mode upon a logout and mishandles the KDGKBMODE check.
The affected software version is systemd 242.
A fix is available for CVE-2018-20839. Please refer to the provided references for more information.