Cryptographic issues in keyring - CVE-2012-4571

 

Cryptographic issues in keyring - CVE-2012-4571

Published: December 1, 2012 / Updated: August 11, 2020


Vulnerability identifier: #VU43282
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2012-4571
CWE-ID: CWE-310
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: jaraco (Jason R. Coombs)
Affected software:
keyring

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack.


How to mitigate CVE-2012-4571

Install update from vendor's website.

Sources