Cryptographic issues in keyring
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2012-4571 |
| CWE-ID | CWE-310 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
keyring Other software / Other software solutions |
| Vendor | jaraco (Jason R. Coombs) |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Cryptographic issues
EUVDB-ID: #VU43282
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-4571
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack.
MitigationInstall update from vendor's website.
Vulnerable software versionskeyring: 0.9.1
CPE2.3 External linkshttp://pypi.python.org/pypi/keyring
http://www.openwall.com/lists/oss-security/2012/10/31/8
http://www.ubuntu.com/usn/USN-1634-1
http://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1004845
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
