Vulnerability Description
The (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockmore before 5.43 do not properly handle when a NULL value is returned upon an error by the crypt or dispcrypt function as implemented in glibc 2.17 and later, which allows attackers to bypass the screen lock via vectors related to invalid salts.
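A fail-closed way to handle the NULL return described above, as an added example that is not xlockmore's code. `check_password`, `ct_equal` and `stub_crypt` are hypothetical names, and `stub_crypt` is a constructed stand-in for crypt(3) so the block builds without libcrypt; the stored entries in `main` are constructed sample values.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef char *(*crypt_fn)(const char *key, const char *salt);

/* Constructed stand-in for crypt(3) on glibc 2.17 and later: returns NULL
 * for a salt that is not two characters from [a-zA-Z0-9./]. It is NOT a
 * hash; it echoes salt + key so the demo is deterministic. */
static char *stub_crypt(const char *key, const char *salt)
{
    static char out[128];
    static const char ok[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";
    if (!salt[0] || !salt[1] || !strchr(ok, salt[0]) || !strchr(ok, salt[1]))
        return NULL;
    snprintf(out, sizeof out, "%c%c%s", salt[0], salt[1], key);
    return out;
}

/* Compare without stopping at the first differing byte. */
static int ct_equal(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b);
    unsigned char diff = (unsigned char)(la != lb);
    for (size_t i = 0; i < la && i < lb; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Returns 1 only on a positive match; every error path returns 0 (stay locked). */
int check_password(crypt_fn do_crypt, const char *typed, const char *stored)
{
    if (!do_crypt || !typed || !stored || stored[0] == '\0')
        return 0;                 /* this example's choice: empty entry never unlocks */
    const char *hashed = do_crypt(typed, stored);
    if (hashed == NULL)           /* crypt() reported an error, e.g. invalid salt */
        return 0;
    return ct_equal(hashed, stored);
}

int main(void)
{
    const char *stored = "abhunter2";   /* constructed entry for stub_crypt */
    printf("correct password: %d\n", check_password(stub_crypt, "hunter2", stored));
    printf("wrong password:   %d\n", check_password(stub_crypt, "guess", stored));
    printf("invalid salt:     %d\n", check_password(stub_crypt, "guess", "*"));
    return 0;
}
```

With the real crypt(3) passed as `do_crypt`, the same NULL test applies before the result ever reaches a string comparison.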
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| David Bagley | Xlockmore | <= 5.42 |
References
- http://openwall.com/lists/oss-security/2013/07/16/8
- http://openwall.com/lists/oss-security/2013/07/18/6
- http://www.tux.org/~bagleyd/xlock/xlockmore.README (Vendor Advisory)
FAQ
What is CVE-2013-4143?
CVE-2013-4143 is a vulnerability with a CVSS score of 2.1 (LOW). The (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockmore before 5.43 do not properly handle when a NULL value is returned upon an error by the crypt or dispcrypt function as implement...
How severe is CVE-2013-4143?
CVE-2013-4143 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4143?
Check the references section above for vendor advisories and patch information. Affected products include: David Bagley Xlockmore.