An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords.
References
Link | Resource |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/95325 | Third Party Advisory VDB Entry |
https://security-tracker.debian.org/tracker/CVE-2012-6655 | Third Party Advisory |
http://www.openwall.com/lists/oss-security/2014/08/16/7 | Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/69245 | Third Party Advisory VDB Entry |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6655 | Issue Tracking Third Party Advisory |
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-6655 | Exploit Issue Tracking Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Information
Published : 2019-11-27 10:15
Updated : 2020-08-18 08:05
NVD link : CVE-2012-6655
Mitre link : CVE-2012-6655
JSON object : View
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource
Products Affected
debian
- debian_linux
opensuse
- opensuse
accountsservice_project
- accountsservice
redhat
- enterprise_linux