CVE-2023-4641

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published: Dec 27, 2023
Updated: May 3, 2024
CWE ID 287
CWE ID 303

Summary

CVE-2023-4641 is a vulnerability in shadow-utils. When a user is prompted to enter a new password, the software asks for the password twice. If the password is incorrect on the second attempt, the software fails to clean the buffer used for the first entry, which can leave the password exposed in memory to attackers with sufficient access. This flaw may result in unauthorized access to affected systems. Users should update the software as soon as possible to mitigate this risk.
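
An added illustration of the pattern the summary describes, not code from shadow-utils: a C sketch that models the double prompt with and without wiping the first entry on the failure path. The function names, PASS_MAX and the sample passwords are constructed, and it assumes "incorrect on the second attempt" means the second entry does not match the first.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PASS_MAX 32 /* constructed buffer size for this sketch */

/* Zero through a volatile pointer so the stores are not removed as dead code. */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Number of bytes in buf that are still non-zero. */
size_t residue(const char *buf, size_t n)
{
    size_t left = 0;
    for (size_t i = 0; i < n; i++) left += (buf[i] != 0);
    return left;
}

/* Hypothetical confirm step over two PASS_MAX-byte, NUL-terminated entries.
   wipe_on_failure = 0 models the flaw as summarized, 1 the corrected path.
   Returns 0 on match (caller hashes `first`, then wipes it), -1 otherwise. */
int confirm_entries(char *first, char *second, int wipe_on_failure)
{
    int same = (strcmp(first, second) == 0);
    wipe(second, PASS_MAX);
    if (same) return 0;
    if (wipe_on_failure) wipe(first, PASS_MAX); /* the cleanup that must not be skipped */
    return -1;
}

/* One failed confirmation with constructed inputs; returns how many bytes of
   the first entry are still in memory afterwards. */
size_t leftover_after_mismatch(int wipe_on_failure)
{
    char first[PASS_MAX] = "correct horse";  /* constructed sample */
    char second[PASS_MAX] = "correct hrose"; /* constructed typo */
    confirm_entries(first, second, wipe_on_failure);
    return residue(first, PASS_MAX);
}

int main(void)
{
    printf("unwiped: %zu bytes left\n", leftover_after_mismatch(0));
    printf("wiped:   %zu bytes left\n", leftover_after_mismatch(1));
    return 0;
}
```

A plain memset() on a buffer that is about to go out of scope can be optimized away, which is why the sketch wipes through a volatile pointer; on glibc, explicit_bzero() serves the same purpose.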


Affected Products

  • Red Hat Enterprise Linux
  • Red Hat Enterprise Linux for IBM Z Systems

Affected Vendors

  • Red Hat