Published: 30/11/2012 Updated: 03/12/2012

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack.

Vulnerable Product	Search on Vulmon	Subscribe to Product
python keyring 0.9.1

Several security issues were fixed in Python Keyring ...

Debian Bug report logs - #696736 Insecure permissions on database files Package: python-keyring; Maintainer for python-keyring is Debian Python Modules Team <python-modules-team@listsaliothdebianorg>; Source for python-keyring is src:python-keyring (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg&g ...

Debian Bug report logs - #675379 python-keyring: [CVE-2012-4571] CryptedFileKeyring is insecure Package: python-keyring; Maintainer for python-keyring is Debian Python Modules Team <python-modules-team@listsaliothdebianorg>; Source for python-keyring is src:python-keyring (PTS, buildd, popcon) Reported by: Sebastian Ramac ...

CWE-310 https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1004845 http://www.openwall.com/lists/oss-security/2012/10/31/8 http://pypi.python.org/pypi/keyring http://www.ubuntu.com/usn/USN-1634-1 https://usn.ubuntu.com/1634-1/https://nvd.nist.gov

CVE-2012-4571

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect