CVE-2012-4571: Python Keyring does not securely initialize encryption cipher
(updated )
Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack.
References
- bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1004845
- github.com/advisories/GHSA-p3h7-3c45-qj4v
- github.com/jaraco/keyring
- github.com/jaraco/keyring/commit/162f2ed0e39e16d561732b9fad8af6cd2341d7bd
- github.com/jaraco/keyring/commit/56272d908ba7a3fe4ebb6d6e87a7cc569f4726ac
- github.com/jaraco/keyring/commit/a76942672f6ac85a88bd9b9ed31fd133119b7702
- github.com/jaraco/keyring/commit/cbf509b0386c3063d8b2879ce72d78ac18023f72
- github.com/jaraco/keyring/commit/cc1ead78d1e3fab9fa8bb0b4bb334cb82d35db52
- github.com/pypa/advisory-database/tree/main/vulns/keyring/PYSEC-2012-8.yaml
- nvd.nist.gov/vuln/detail/CVE-2012-4571
Code Behaviors & Features
Detect and mitigate CVE-2012-4571 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →