| Vulnerability Name: | CVE-2012-6655 (CCN-95325) | ||||||||||||||||||||||||||||||||||||||||||||
| Assigned: | 2012-08-16 | ||||||||||||||||||||||||||||||||||||||||||||
| Published: | 2012-08-16 | ||||||||||||||||||||||||||||||||||||||||||||
| Updated: | 2020-08-18 | ||||||||||||||||||||||||||||||||||||||||||||
| Summary: | An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords. | ||||||||||||||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 3.3 Low (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
| ||||||||||||||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N) 1.7 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:UR)
1.7 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:UR)
| ||||||||||||||||||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-732 | ||||||||||||||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||||||||||||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2012-6655 Source: CCN Type: oss-security Mailing List, Fri, 15 Aug 2014 07:44:44 -0600 CVE request for accountsservice local encrypted password disclosure flaw Source: CCN Type: freedesktop Web site AccountsService Source: MISC Type: Mailing List, Third Party Advisory http://www.openwall.com/lists/oss-security/2014/08/16/7 Source: CCN Type: BID-69245 AccountsService 'user.c' Local Information Disclosure Vulnerability Source: MISC Type: Third Party Advisory, VDB Entry http://www.securityfocus.com/bid/69245 Source: CCN Type: Red Hat Bugzilla Bug 1130538 (CVE-2012-6655) CVE-2012-6655 accountsservice: local encrypted password disclosure when changing password Source: MISC Type: Issue Tracking, Third Party Advisory https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6655 Source: MISC Type: Exploit, Issue Tracking, Third Party Advisory https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-6655 Source: MISC Type: Third Party Advisory, VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/95325 Source: XF Type: UNKNOWN accountsservice-cve20126655-info-disc(95325) Source: MISC Type: Third Party Advisory https://security-tracker.debian.org/tracker/CVE-2012-6655 Source: CCN Type: WhiteSource Vulnerability Database CVE-2012-6655 | ||||||||||||||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration 4: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||||||||||||||