1.9

CVE-2012-6140

Exploit
pam_google_authenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than CVE-2013-0258.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleAuthenticator Version <= 0.91
GoogleAuthenticator Version0.86
GoogleAuthenticator Version0.87
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.135
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 1.9 3.4 2.9
AV:L/AC:M/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666129
http://openwall.com/lists/oss-security/2013/04/18/10
https://bugzilla.redhat.com/show_bug.cgi?id=953505
Exploit
https://code.google.com/p/google-authenticator/source/detail?r=c3414e9857ad64e52283f3266065ef3023fc69a8