Early Access — Mondoo Vulnerability Intelligence is currently in preview.
A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.
Exploitability
AV:LAC:HPR:LUI:NScope
S:UImpact
C:HI:NA:N4.7/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NOther