CVE-2012-4571

Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://pypi.python.org/pypi/keyring
http://www.openwall.com/lists/oss-security/2012/10/31/8
http://www.ubuntu.com/usn/USN-1634-1
https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1004845
http://pypi.python.org/pypi/keyring
http://www.openwall.com/lists/oss-security/2012/10/31/8
http://www.ubuntu.com/usn/USN-1634-1
https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1004845

Configurations

Configuration 1 (hide)

cpe:2.3:a:python:keyring:0.9.1:*:*:*:*:*:*:*

History

21 Nov 2024, 01:43

Type	Values Removed	Values Added
References	~~() http://pypi.python.org/pypi/keyring -~~	() http://pypi.python.org/pypi/keyring -
References	~~() http://www.openwall.com/lists/oss-security/2012/10/31/8 -~~	() http://www.openwall.com/lists/oss-security/2012/10/31/8 -
References	~~() http://www.ubuntu.com/usn/USN-1634-1 -~~	() http://www.ubuntu.com/usn/USN-1634-1 -
References	~~() https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1004845 -~~	() https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1004845 -

Information

Published : 2012-11-30 22:55

Updated : 2024-11-21 01:43

NVD link : CVE-2012-4571

Mitre link : CVE-2012-4571

CVE.ORG link : CVE-2012-4571

JSON object : View

Products Affected

python

keyring

CWE

CWE-310

Cryptographic Issues

{"id": "CVE-2012-4571", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-11-30T22:55:01.830", "references": [{"url": "http://pypi.python.org/pypi/keyring", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2012/10/31/8", "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/USN-1634-1", "source": "secalert@redhat.com"}, {"url": "https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1004845", "source": "secalert@redhat.com"}, {"url": "http://pypi.python.org/pypi/keyring", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2012/10/31/8", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-1634-1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1004845", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack."}, {"lang": "es", "value": "Python Keyring v0.9.1 no inicializa de forma segura el sistema de cifrado para cifrar las contrase\u00f1as de los archivos CryptedFileKeyring, lo que hace que sea m\u00e1s f\u00e1cil para los usuarios locales obtener contrase\u00f1as a trav\u00e9s de un ataque de fuerza bruta."}], "lastModified": "2024-11-21T01:43:09.650", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:python:keyring:0.9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBB3763D-3787-4E2C-8C12-7F907D4EB8E6"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}