CVE-2019-13179

HIGH Year: 2019
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-522
View all →

Vulnerability Description

Calamares versions 3.1 through 3.2.10 copies a LUKS encryption keyfile from /crypto_keyfile.bin (mode 0600 owned by root) to /boot within a globally readable initramfs image with insecure permissions, which allows this originally protected file to be read by any user, thereby disclosing decryption keys for LUKS containers created with Full Disk Encryption.

Related Vulnerabilities

CVE-2012-3823

HIGH
CVSS:7.5(High)

Arial Campaign Enterprise before 11.0.551 stores passwords in clear text and these may be retrieved.

CWE-5222012

CVE-2012-6663

HIGH
CVSS:7.5(High)

General Electric D20ME devices are not properly configured and reveal plaintext passwords.

CWE-5222012

CVE-2013-2106

HIGH
CVSS:7.5(High)

webauth before 4.6.1 has authentication credential disclosure

CWE-5222013

CVE-2013-2672

HIGH
CVSS:7.5(High)

Brother MFC-9970CDW devices with firmware 0D allow cleartext submission of passwords.

CWE-5222013

CVE-2013-3313

HIGH
CVSS:7.5(High)

The Loftek Nexus 543 IP Camera stores passwords in cleartext, which allows remote attackers to obtain sensitive information via an HTTP GET request to check_users.cgi. NOTE: cleartext passwords can al...

CWE-5222013

CVE-2013-3620

HIGH
CVSS:7.5(High)

Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generati...

CWE-5222013