CVE-2023-4641
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Published Dec 27, 2023
Updated: May 3, 2024
CWE ID 287
CWE ID 303
Summary
CVE-2023-4641 is a vulnerability in the shadow-utils software. When a user is prompted to set a new password, the software asks for the password twice. If the second entry is incorrect, the software fails to clean the buffer used for the first entry, which can leave the password exposed in memory to attackers with sufficient access. This flaw may result in unauthorized access to affected systems. Users are advised to update their software as soon as possible to mitigate this risk.
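A minimal model of the flaw described in the summary, added here as an illustration; it is not shadow-utils code. The function names, the fake_prompt stand-in for the terminal prompt and the sample inputs are all constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#define PASS_MAX 64

/* Wipe through a volatile pointer so the stores cannot be optimised away. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Hypothetical stand-in for the terminal prompt: next constructed input. */
static const char **next_input;
static void fake_prompt(char *dst, size_t n) { snprintf(dst, n, "%s", *next_input++); }

/* Flawed pattern: on mismatch only the confirmation copy is wiped. */
int confirm_flawed(char *first) {
    char again[PASS_MAX];
    fake_prompt(first, PASS_MAX);
    fake_prompt(again, PASS_MAX);
    int ok = strcmp(first, again) == 0;
    wipe(again, sizeof again);
    return ok ? 0 : -1;   /* first entry is still in memory on failure */
}

/* Hardened pattern: the first entry is wiped on the failure path as well. */
int confirm_hardened(char *first) {
    char again[PASS_MAX];
    fake_prompt(first, PASS_MAX);
    fake_prompt(again, PASS_MAX);
    int ok = strcmp(first, again) == 0;
    wipe(again, sizeof again);
    if (!ok) wipe(first, PASS_MAX);
    return ok ? 0 : -1;
}

/* One mismatched attempt on constructed input; returns 1 if bytes remain. */
int residue_after_mismatch(int (*confirm)(char *)) {
    static const char *inputs[] = { "first-entry-A", "second-entry-B" };
    char buf[PASS_MAX] = {0};
    next_input = inputs;
    confirm(buf);
    for (size_t i = 0; i < sizeof buf; i++) if (buf[i]) return 1;
    return 0;
}
int main(void) {
    printf("flawed: %d  hardened: %d\n", residue_after_mismatch(confirm_flawed),
           residue_after_mismatch(confirm_hardened));
    return 0;
}
```

On a matching pair both functions return 0 and leave the password in the caller's buffer, so the caller remains responsible for wiping it after use.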
Affected Products
- Red Hat Enterprise Linux
- Red Hat Enterprise Linux for IBM Z Systems
Affected Vendors
- Red Hat