CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
81.2%
pam_google_authenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than CVE-2013-0258.
Vendor | Product | Version | CPE |
---|---|---|---|
authenticator | * | cpe:2.3:a:google:authenticator:*:*:*:*:*:*:*:* | |
authenticator | 0.86 | cpe:2.3:a:google:authenticator:0.86:*:*:*:*:*:*:* | |
authenticator | 0.87 | cpe:2.3:a:google:authenticator:0.87:*:*:*:*:*:*:* |