Description
An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)
References (5)
Core References
Exploit, Patch, Vendor Advisory x_refsource_misc
https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4464-1/
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202009-08
Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/09/msg00014.html
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00028.html
Scores
CVSS v3
4.3
EPSS
0.0015
EPSS Percentile
35.0%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-522
Status
published
Products (4)
canonical/ubuntu_linux
20.04
debian/debian_linux
9.0
gnome/gnome-shell
< 3.36.4
opensuse/leap
15.2
Published
Aug 11, 2020
Tracked Since
Feb 18, 2026