CVE-2012-4578 : The geli encryption provider 7 before r239184 on FreeBSD 10 uses a weak Master Key, which makes it easier for local user

The geli encryption provider 7 before r239184 on FreeBSD 10 uses a weak Master Key, which makes it easier for local users to defeat a cryptographic protection mechanism via a brute-force attack.

Published 2012-08-21 19:55:01

Updated 2017-08-29 01:32:20

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2012-4578

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-4578

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:N/I:P/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2012-4578

CWE-310

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-4578

https://exchange.xforce.ibmcloud.com/vulnerabilities/78057

FreeBSD geli weak security CVE-2012-4578 Vulnerability Report
http://lists.freebsd.org/pipermail/freebsd-security/2012-August/006541.html

[HEADSUP] geli(4) weak master key generation on -CURRENT
Vendor Advisory

Products affected by CVE-2012-4578

Pawel Jakub Dawidek » Geli
Versions up to, including, (<=) 7
cpe:2.3:a:pawel_jakub_dawidek:geli:*:*:*:*:*:*:*:*
Matching versions
When used together with: Freebsd » Freebsd » Version: 10.0
Pawel Jakub Dawidek » Geli » Version: 4
cpe:2.3:a:pawel_jakub_dawidek:geli:4:*:*:*:*:*:*:*
Matching versions
When used together with: Freebsd » Freebsd » Version: 10.0

Vulnerability Details : CVE-2012-4578

Exploit prediction scoring system (EPSS) score for CVE-2012-4578

CVSS scores for CVE-2012-4578

CWE ids for CVE-2012-4578

References for CVE-2012-4578

Products affected by CVE-2012-4578