Vulnerability Details : CVE-2012-2389
hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for /etc/hostapd/hostapd.conf, which might allow local users to obtain sensitive information such as credentials.
Products affected by CVE-2012-2389
- cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-2389
0.04%: Probability of exploitation activity in the next 30 days
~6%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-2389
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST | |
CWE ids for CVE-2012-2389
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-2389
- http://www.openwall.com/lists/oss-security/2012/05/23/13
  oss-security - Re: CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials
- https://bugzilla.redhat.com/show_bug.cgi?id=824660
  824660 – (CVE-2012-2389) CVE-2012-2389 hostapd: insecure default permissions on /etc/hostapd/hostapd.conf
- http://www.openwall.com/lists/oss-security/2012/05/23/3
  oss-security - CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:168
  mandriva.com
- http://www.openwall.com/lists/oss-security/2012/05/23/5
  oss-security - Re: CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials
- https://bugzilla.novell.com/show_bug.cgi?id=740964
  Bug 740964 – VUL-1: hostapd: credentials leak
- http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081983.html
  [SECURITY] Fedora 15 Update: hostapd-0.7.3-2.1.fc15