First published: Wed May 13 2020
It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered.
Credit: security@ubuntu.com
Affected Software | Affected Version | How to fix |
---|---|---|
Canonical Subiquity | <20.05.2 | |
CVE-2020-11932 is a vulnerability discovered in the Subiquity installer for Ubuntu Server that logged the LUKS full disk encryption password if one was entered.
CVE-2020-11932 has a severity rating of low.
Versions of the Subiquity installer for Ubuntu Server before 20.05.2 are affected by CVE-2020-11932.
Upgrade to a version of Subiquity installer for Ubuntu Server that includes the fix for CVE-2020-11932.
More information about CVE-2020-11932 can be found at the following references: [Link 1](https://aliceandbob.company/the-human-factor-in-an-economy-of-scale/), [Link 2](https://github.com/CanonicalLtd/subiquity/commit/7db70650feaf513d7fb6f1ca07f2d670a0890613).