Cryptographic issues in keyring - CVE-2012-4571
Published: December 1, 2012 / Updated: August 11, 2020
Vulnerability identifier: #VU43282
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2012-4571
CWE-ID: CWE-310
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
keyring
Software vendor:
jaraco (Jason R. Coombs)
Description
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack.
Remediation
Install the update from the vendor's website.