CVE-2012-6140

2013-04-2410:28:37

CWE-200

[email protected]

web.nvd.nist.gov

cve-2012-6140

pam module

google authenticator

secret file

permission vulnerability

local access restrictions

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.8%

JSON

pam_google_authenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than CVE-2013-0258.

Affected configurations

NVD

Node

googleauthenticatorRange≤0.91

googleauthenticatorMatch0.86

googleauthenticatorMatch0.87

CPENameOperatorVersion
google:authenticatorgoogle authenticatorle0.91
google:authenticatorgoogle authenticatoreq0.86
google:authenticatorgoogle authenticatoreq0.87