CVE-2010-2387

GNOME Display Manager 2.20.x < 2.20.11 - Password Exposure via Debug Logging

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2387. PoCs published by LogSec.

AI-analyzed exploit summary This repository contains the source code for GDM (GNOME Display Manager) with a focus on the vulnerability CVE-2010-2387. The code includes authentication handling and other core functionalities, but lacks a direct exploit or proof-of-concept. The README provides context about the software but no technical analysis of the vulnerability itself.

Description

vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allow local users to gain privileges by reading the information from syslog logs.

Exploits (1)

nomisec WRITEUP

by LogSec · poc

https://github.com/LogSec/CVE-2010-2387

View Code ZIP pw:eip

This repository contains the source code for GDM (GNOME Display Manager) with a focus on the vulnerability CVE-2010-2387. The code includes authentication handling and other core functionalities, but lacks a direct exploit or proof-of-concept. The README provides context about the software but no technical analysis of the vulnerability itself.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Theoretical

Target: GNOME Display Manager (GDM) 2.2

No auth needed

Prerequisites: Access to a vulnerable GDM installation

MITRE ATT&CK