Vulnerability Description
Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack.
CVSS Score
2.1
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Python | Keyring | 0.9.1 |
Related Weaknesses (CWE)
References
- http://pypi.python.org/pypi/keyring
- http://www.openwall.com/lists/oss-security/2012/10/31/8
- http://www.ubuntu.com/usn/USN-1634-1
- https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1004845
- http://pypi.python.org/pypi/keyring
- http://www.openwall.com/lists/oss-security/2012/10/31/8
- http://www.ubuntu.com/usn/USN-1634-1
- https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1004845
FAQ
What is CVE-2012-4571?
CVE-2012-4571 is a vulnerability with a CVSS score of 2.1 (LOW). Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack.
How severe is CVE-2012-4571?
CVE-2012-4571 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-4571?
Check the references section above for vendor advisories and patch information. Affected products include: Python Keyring.