Mikel Olasagasti : Security vulnerabilities, CVEs

Copy

CVE-2012-3818

The fpm exporter in Revelation 0.4.13-2 and earlier encrypts the version number but not the password when exporting a file, which might allow local users to obtain sensitive information.

Max CVSS

2.1

EPSS Score

0.04%

Published

2012-06-29

Updated

2012-07-02

CVE-2012-2743

Revelation 0.4.13-2 and earlier does not iterate through SHA hashing algorithms for AES encryption, which makes it easier for context-dependent attackers to guess passwords via a brute force attack.

Max CVSS

5.0

EPSS Score

0.56%

Published

2012-06-27

Updated

2017-08-29

CVE-2012-2742

Revelation 0.4.13-2 and earlier uses only the first 32 characters of a password followed by a sequence of zeros, which reduces the entropy and makes it easier for context-dependent attackers to crack passwords and obtain access to keys via a brute-force attack.

Max CVSS

5.0

EPSS Score

0.64%

Published

2012-06-27

Updated

2017-08-29

3 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!