Skip to main content

CVE-2016-5746

Severity Medium
Score 5.1/10

Summary

libstorage, libstorage-ng, and yast-storage improperly store passphrases for encrypted storage devices in a temporary file on disk, which might allow local users to obtain sensitive information by reading the file, as demonstrated by /tmp/libstorage-XXXXXX/pwdf.

  • HIGH
  • LOCAL
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • NONE

References

Advisory Timeline

  • Published