Vulnerability Details : CVE-2012-3466
GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unspecified impact via unknown attack vectors.
Products affected by CVE-2012-3466
- cpe:2.3:a:gnome:gnome-keyring:3.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome-keyring:3.4.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-3466
- EPSS score: 0.10% (probability of exploitation activity in the next 30 days)
- Percentile: ~41% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2012-3466
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.4 | MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P | 3.4 | 6.4 | NIST | |
CWE ids for CVE-2012-3466
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-3466
- https://bugzilla.gnome.org/show_bug.cgi?id=681081
  Bug 681081 – gpg passphrase cached forever (Exploit)
- http://git.gnome.org/browse/gnome-keyring/commit/?id=5dff623470b859e332dbe12afb0dc57b292832d2
  secret-store: Mark a secret item as 'used' when accessed (5dff6234) · Commits · GNOME / gnome-keyring · GitLab (Patch)
- http://www.openwall.com/lists/oss-security/2012/08/09/1
  oss-security - CVE Request: gnome-keyring: improper caching of gpg password/passphrase
- http://git.gnome.org/browse/gnome-keyring/commit/?id=51606f299e5ee9d48096db0a5957efe26cbf7cc3
  gpg-agent: Hook up the TTL cache option (51606f29) · Commits · GNOME / gnome-keyring · GitLab
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:084
  mandriva.com
- http://www.openwall.com/lists/oss-security/2012/08/09/2
  oss-security - Re: CVE Request: gnome-keyring: improper caching of gpg password/passphrase
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683655
  #683655 - gnome-keyring: gpg passphrase cached forever - Debian Bug report logs
- https://bugzilla.redhat.com/show_bug.cgi?id=845426
  845426 – (CVE-2012-3466) CVE-2012-3466 gnome-keyring: improper caching of passwords/passphrase
- http://lists.opensuse.org/opensuse-updates/2012-09/msg00037.html
  openSUSE-SU-2012:1121-1: gnome-keyring: do not cache passwords indefinit