Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2018-12356

Published: 15/06/2018 Updated: 16/05/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Simple Password Store

Vulnerability Summary

An issue exists in password-store.sh in pass in Simple Password Store 1.7.x prior to 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote malicious users to spoof file signatures on configuration files and extension scripts. Modifying the configuration file allows the malicious user to inject additional encryption keys under their control, thereby disclosing passwords to the attacker. Modifying the extension scripts allows the attacker arbitrary code execution.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

simple password store project simple password store

Vendor Advisories

Debian CVElist Bug Report Logs: pass: Security Vulnerability: Faulty GPG Signature Checking (CVE-2018-12356)
Debian Bug report logs - #901574 pass: Security Vulnerability: Faulty GPG Signature Checking (CVE-2018-12356) Package: pass; Maintainer for pass is Colin Watson <cjwatson@debianorg>; Source for pass is src:password-store (PTS, buildd, popcon) Reported by: Wesley Schwengle <wesley@schwenglenet> Date: Thu, 14 Jun 201 ...
Arch Linux Issues:
An issue was discovered in password-storesh in pass in Simple Password Store 17 through 171 The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extensions scripts Modifying the configuration file allows the attack ...

Mailing Lists

Full Disclosure: Spoofing OpenPGP and S/MIME Signatures in Emails (multiple clients)
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Spoofing OpenPGP and S/MIME Signatures in Emails (multiple clients) <!--X-Subject-Header-End--> <!--X-Head-of-Message--> Fro ...

Recent Articles

Pass gets a fail: Simple Password Store suffers GnuPG spoofing bug
The Register • Richard Chirgwin • 19 Jun 2018

Brinkmann files third signature spoof vulnerability in a month GnuPG patched to thwart 'fake filename'

Security researcher Marcus Brinkmann has turned up another vulnerability in the GnuPG cryptographic library, this time specific to the Simple Password Store. Brinkmann explained that CVE-2018-12356 offers both access to passwords and possible remote code execution. This bug is an incomplete regex in GnuPG's signature verification routine, meaning an attacker can spoof file signatures on configuration files and extension scripts (Brinkmann has dubbed the bug “SigSpoof 3” as the third signatur...

Read more...

References

CWE-347https://lists.zx2c4.com/pipermail/password-store/2018-June/003308.htmlhttps://git.zx2c4.com/password-store/commit/?id=8683403b77f59c56fcb1f05c61ab33b9fd61a30dhttp://openwall.com/lists/oss-security/2018/06/14/3http://www.openwall.com/lists/oss-security/2019/04/30/4http://seclists.org/fulldisclosure/2019/Apr/38http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.htmlhttps://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdfhttps://github.com/RUB-NDS/Johnny-You-Are-Firedhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901574https://nvd.nist.govhttps://security.archlinux.org/CVE-2018-12356
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654CVE-2023-49606encryptionNULL pointer dereferenceCVE-2024-4439CVE-2024-4649race conditionCVE-2024-27202CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook