Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1wM2g3LTNjNDUtcWo0ds4AAfZ-
Python Keyring does not securely initialize encryption cipher
Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wM2g3LTNjNDUtcWo0ds4AAfZ-
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: almost 2 years ago
Updated: 8 months ago
Identifiers: GHSA-p3h7-3c45-qj4v, CVE-2012-4571
References:
- https://nvd.nist.gov/vuln/detail/CVE-2012-4571
- https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1004845
- http://www.openwall.com/lists/oss-security/2012/10/31/8
- http://www.ubuntu.com/usn/USN-1634-1
- https://github.com/jaraco/keyring/commit/162f2ed0e39e16d561732b9fad8af6cd2341d7bd
- https://github.com/advisories/GHSA-p3h7-3c45-qj4v
Blast Radius: 0.0
Affected Packages
pypi:keyring
Dependent packages: 669Dependent repositories: 25,739
Downloads: 53,013,923 last month
Affected Version Ranges: <= 0.9.1
No known fixed version
All affected versions: 0.5.1, 0.6.2, 0.7.1, 0.8.1, 0.9.1