sudo-rs Partial Password Reveal Vulnerability

Vulnerability

A vulnerability in sudo-rs versions 0.2.7 prior to 0.2.10 allows a partial password reveal. When a user types a password at the prompt but does not press return for an extended period, the prompt times out. The keystrokes entered so far are then echoed back to the console, disclosing part of the password. The echoed characters may also end up in shell history files unless the user removes them, exposing the partial password to social engineering or pass-by attacks.

Impact

The vulnerability can reveal partial passwords, which may be recorded in history files and later used for social engineering or pass-by attacks.

Reproduction

To reproduce this vulnerability, use sudo-rs version 0.2.7. Run a command that requires password authentication, such as 'sudo -s'. Begin typing a password but do not press return. After the timeout period, the keystrokes typed so far are echoed back to the console.

Remediation

Users can upgrade to sudo-rs version 0.2.10, which addresses this vulnerability.
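A defensive illustration of the failure mode, added here and not taken from sudo-rs: a password prompt in C that gives up after a timeout. It assumes the leak arises because keystrokes typed while echo was off remain queued in the terminal and are handed to the next reader (the shell) once the prompt exits, so the fix shown is to wipe the partial buffer and flush the queued input before restoring the terminal settings; the pipe-based helper and its inputs are constructed for testing.

```c
#include <errno.h>
#include <string.h>
#include <sys/select.h>
#include <termios.h>
#include <unistd.h>

/* Read a password from fd with echo off. Returns the password length (no
 * newline), 0 if the prompt timed out, -1 on error or overlong input.
 * On timeout the partial input is wiped and, on a tty, keystrokes still
 * queued in the terminal are discarded with tcflush() before the saved
 * settings are restored. Non-tty descriptors (pipes) skip termios calls. */
int read_password_timeout(int fd, char *buf, size_t len, int timeout_sec) {
    struct termios saved, noecho;
    int is_tty = (tcgetattr(fd, &saved) == 0);
    if (is_tty) {
        noecho = saved;
        noecho.c_lflag &= ~(ECHO | ECHONL);
        if (tcsetattr(fd, TCSAFLUSH, &noecho) != 0) return -1;
    }
    size_t n = 0;
    int rc = -1;
    while (n < len - 1) {
        fd_set rfds; FD_ZERO(&rfds); FD_SET(fd, &rfds);
        struct timeval tv = { .tv_sec = timeout_sec, .tv_usec = 0 };
        int r = select(fd + 1, &rfds, NULL, NULL, &tv);
        if (r == 0) { rc = 0; break; }                 /* prompt timed out */
        if (r < 0) { if (errno == EINTR) continue; break; }
        char c;
        if (read(fd, &c, 1) <= 0) break;               /* EOF or read error */
        if (c == '\n' || c == '\r') { rc = (int)n; break; }
        buf[n++] = c;
    }
    buf[n] = '\0';
    if (rc <= 0) memset(buf, 0, len);                  /* never hand back a fragment */
    if (rc == 0 && is_tty) tcflush(fd, TCIFLUSH);      /* the fix: drop queued keystrokes */
    if (is_tty) tcsetattr(fd, TCSANOW, &saved);
    return rc;
}

/* Test helper: a pipe stands in for the terminal; `typed` is constructed input. */
int simulate_typed(const char *typed, int timeout_sec, char *out, size_t len) {
    int p[2];
    if (pipe(p) != 0) return -1;
    if (write(p[1], typed, strlen(typed)) < 0) return -1;
    int rc = read_password_timeout(p[0], out, len, timeout_sec);
    close(p[0]);
    close(p[1]);
    return rc;
}
```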

Added: Nov 12, 2025, 9:19 PM
Updated: Nov 12, 2025, 9:19 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 2.9
remediation: 7.7
relevance: 0.9
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.