Weak password requirements in firefox (Alpine package)



Published: 2020-04-07
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2020-6824
CWE-ID CWE-521
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe
firefox (Alpine package)
Operating systems & Components / Operating system package or component

Vendor Alpine Linux Development Team

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Weak password requirements

EUVDB-ID: #VU26652

Risk: Low

CVSSv3.1: 1.6 [CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-6824

CWE-ID: CWE-521 - Weak Password Requirements

Exploit availability: No

Description

The vulnerability allows a local user to gain access to another user password.

The vulnerability exists due to incorrect behavior of password generator when private browsing mode is user. If the victim had used password generator in a Private Browsing Window to generate a password and then closed the private window while leaving Firefox open, the attacker can open another private browsing session, visit the same website and Firefox will generate identical password.

Mitigation

Install update from vendor's website.

Vulnerable software versions

firefox (Alpine package): 74.0-r0 - 74.0.1-r0

External links

http://git.alpinelinux.org/aports/commit/?id=3f24b0ed71ac2a532796e4f065c755d1e92a6858


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###