Description
GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if the keyring is unlocked. NOTE: this is disputed by a software maintainer because the behavior represents a design decision
References (4)
Core 4
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugs.launchpad.net/ubuntu/+source/seahorse/+bug/189774/comments/13
Third Party Advisory x_refsource_misc
https://www.bountysource.com/issues/3849352-seahorse-shows-passwords-without-verification
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugs.launchpad.net/ubuntu/+source/seahorse/+bug/189774
Issue Tracking, Vendor Advisory x_refsource_misc
https://bugzilla.gnome.org/show_bug.cgi?id=551036
Scores
CVSS v3
6.8
EPSS
0.0004
EPSS Percentile
11.6%
Attack Vector
PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-255
Status
published
Products (1)
gnome/seahorse
< 3.30
Published
Nov 18, 2018
Tracked Since
Feb 18, 2026