CVE-2012-0813

Wicd before 1.7.1 saves sensitive information in log files in /var/log/wicd, which allows context-dependent attackers to obtain passwords and other sensitive information.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/revision/682
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652417
http://secunia.com/advisories/49657	Vendor Advisory
http://security.gentoo.org/glsa/glsa-201206-08.xml
http://www.openwall.com/lists/oss-security/2012/01/26/13
http://www.openwall.com/lists/oss-security/2012/01/26/14
http://www.securityfocus.com/bid/51703
https://launchpad.net/wicd/+announcement/9570

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:david_paleino:wicd::beta3::::::*
	cpe:2.3:a:david_paleino:wicd:1.2.7:::::::*
	cpe:2.3:a:david_paleino:wicd:1.3.1:::::::*
	cpe:2.3:a:david_paleino:wicd:1.4.0:::::::*
	cpe:2.3:a:david_paleino:wicd:1.4.1:::::::*
	cpe:2.3:a:david_paleino:wicd:1.4.2:::::::*
	cpe:2.3:a:david_paleino:wicd:1.5.0:::::::*
	cpe:2.3:a:david_paleino:wicd:1.5.1:::::::*
	cpe:2.3:a:david_paleino:wicd:1.5.2:::::::*
	cpe:2.3:a:david_paleino:wicd:1.5.3:::::::*
	cpe:2.3:a:david_paleino:wicd:1.5.4:::::::*
	cpe:2.3:a:david_paleino:wicd:1.5.5:::::::*
	cpe:2.3:a:david_paleino:wicd:1.5.6:::::::*
	cpe:2.3:a:david_paleino:wicd:1.5.7:::::::*
	cpe:2.3:a:david_paleino:wicd:1.5.8:::::::*
	cpe:2.3:a:david_paleino:wicd:1.5.9:::::::*
	cpe:2.3:a:david_paleino:wicd:1.6.0:::::::*
	cpe:2.3:a:david_paleino:wicd:1.6.2:::::::*
	cpe:2.3:a:david_paleino:wicd:1.7.0:::::::*
	cpe:2.3:a:david_paleino:wicd:1.7.1:::::::*
	cpe:2.3:a:david_paleino:wicd:1.7.2:::::::*

History

No history.

Information

Published : 2012-06-29 19:55

Updated : 2024-02-28 12:00

NVD link : CVE-2012-0813

Mitre link : CVE-2012-0813

CVE.ORG link : CVE-2012-0813

JSON object : View

Products Affected

david_paleino

wicd

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2012-0813", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-06-29T19:55:02.577", "references": [{"url": "http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/revision/682", "source": "secalert@redhat.com"}, {"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652417", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/49657", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://security.gentoo.org/glsa/glsa-201206-08.xml", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2012/01/26/13", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2012/01/26/14", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/51703", "source": "secalert@redhat.com"}, {"url": "https://launchpad.net/wicd/+announcement/9570", "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "Wicd before 1.7.1 saves sensitive information in log files in /var/log/wicd, which allows context-dependent attackers to obtain passwords and other sensitive information."}, {"lang": "es", "value": "Wicd anteriores a 1.7.1 guarda informaci\u00f3n confidencial en archivos de log en /var/log/wicd, lo que permite a atacantes dependientes del contexto obtener contrase\u00f1as y otra informaci\u00f3n confidencial."}], "lastModified": "2012-08-01T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:david_paleino:wicd:*:beta3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5405A668-8E9E-4E07-9281-C8AE1A9EB301", "versionEndIncluding": "1.7.1"}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06AFC460-E683-4047-8C2A-1E9AC377917B"}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2D411ED-67BF-45A0-BE8A-E981CAB0F4CD"}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45632B83-B5C7-42AC-9B8B-031AB0D6417A"}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52DCBA8B-FD94-4184-985A-E054DEC04671"}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F48E42D-AEEA-41EC-BCFB-5581CEA05B58"}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "288E7A59-D1BA-45D7-A30A-9F5F56E5A192"}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2265EFEA-CEF9-42E0-A538-8D8FAE5F351C"}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7769F3E0-EF1A-480C-845E-7178F2939ECD"}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22A39899-C5D7-47D0-9B9C-6ADD1F756B46"}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27ED667E-BD1E-4352-A5F0-DB70B86D600D"}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84B74048-746F-4DF7-913D-3F0163FC8FD1"}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.5.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9E268AD-D2A5-48DD-A311-6C2CD8A67149"}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.5.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5FE6B55-58EA-403E-AA60-2079A559D2CB"}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.5.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D05918F4-2957-459D-9505-1B14B7C4D257"}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.5.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A7BD785-94DC-4525-9CA4-9DE41F316807"}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FCF612E-89BE-4AFC-8DC3-D8DE1452BFAD"}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DF97412-C3F2-4AE2-B2CE-CE8F24EC139F"}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40BD3EF9-EE76-4E63-B057-4B369BB39568"}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94373C23-875A-4CED-BC07-0AEFF233A64F"}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D324009-C5BE-4BBD-82B7-1B9041416B56"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}