CVE 2012-4571
Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack.
Related bugs and status
CVE-2012-4571 (Candidate) is related to these bugs:
Bug #1004845: python-keyring CryptedFileKeyring is insecure (was: doesn't work with python-crypto 2.6-1 (ValueError: IV must be 16 bytes long))
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1004845 | python-keyring CryptedFileKeyring is insecure (was: doesn't work with python-crypto 2.6-1 (ValueError: IV must be 16 bytes long)) | python-keyring (Ubuntu) | Undecided | Fix Released | ||
1004845 | python-keyring CryptedFileKeyring is insecure (was: doesn't work with python-crypto 2.6-1 (ValueError: IV must be 16 bytes long)) | python-keyring (Debian) | Unknown | Fix Released | ||
1004845 | python-keyring CryptedFileKeyring is insecure (was: doesn't work with python-crypto 2.6-1 (ValueError: IV must be 16 bytes long)) | python-keyring (Ubuntu Oneiric) | Undecided | Fix Released | ||
1004845 | python-keyring CryptedFileKeyring is insecure (was: doesn't work with python-crypto 2.6-1 (ValueError: IV must be 16 bytes long)) | python-keyring (Ubuntu Precise) | Undecided | Fix Released |
Bug #1031465: ~/crypted_pass.cfg created with insecure permissions
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1031465 | ~/crypted_pass.cfg created with insecure permissions | python-keyring (Ubuntu) | Undecided | Fix Released | ||
1031465 | ~/crypted_pass.cfg created with insecure permissions | python-keyring (Ubuntu Oneiric) | Undecided | Fix Released | ||
1031465 | ~/crypted_pass.cfg created with insecure permissions | python-keyring (Ubuntu Precise) | Undecided | Fix Released | ||
1031465 | ~/crypted_pass.cfg created with insecure permissions | python-keyring (Ubuntu Quantal) | Undecided | Fix Released | ||
1031465 | ~/crypted_pass.cfg created with insecure permissions | python-keyring (Ubuntu Raring) | Undecided | Fix Released |
Bug #1042754: syncpackage: fails with JSON error in chroot
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1042754 | syncpackage: fails with JSON error in chroot | python-keyring (Ubuntu) | Undecided | Fix Released | ||
1042754 | syncpackage: fails with JSON error in chroot | python-keyring (Ubuntu Oneiric) | Undecided | Fix Released | ||
1042754 | syncpackage: fails with JSON error in chroot | python-keyring (Ubuntu Precise) | Undecided | Fix Released | ||
1042754 | syncpackage: fails with JSON error in chroot | python-keyring (Ubuntu Raring) | Undecided | Fix Released | ||
1042754 | syncpackage: fails with JSON error in chroot | python-keyring (Ubuntu Quantal) | Undecided | Fix Released | ||
1042754 | syncpackage: fails with JSON error in chroot | Python Keyring | Undecided | Fix Released |
See the
CVE page on Mitre.org
for more details.