CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
5.1%
Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring
files, which makes it easier for local users to obtain passwords via a brute-force attack.
pypi.python.org/pypi/keyring
www.openwall.com/lists/oss-security/2012/10/31/8
www.ubuntu.com/usn/USN-1634-1
bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1004845
github.com/advisories/GHSA-p3h7-3c45-qj4v
github.com/jaraco/keyring/commit/162f2ed0e39e16d561732b9fad8af6cd2341d7bd
github.com/jaraco/keyring/commit/56272d908ba7a3fe4ebb6d6e87a7cc569f4726ac
github.com/jaraco/keyring/commit/a76942672f6ac85a88bd9b9ed31fd133119b7702
github.com/jaraco/keyring/commit/cbf509b0386c3063d8b2879ce72d78ac18023f72
github.com/jaraco/keyring/commit/cc1ead78d1e3fab9fa8bb0b4bb334cb82d35db52
github.com/pypa/advisory-database/tree/main/vulns/keyring/PYSEC-2012-8.yaml
nvd.nist.gov/vuln/detail/CVE-2012-4571