QwikSec

Security Database

CVE

CWE

Training

CVE-2012-6140

Published: Apr 24, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

pam_google_authenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than CVE-2013-0258.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bugzilla.redhat.com/show_bug.cgi?id=953505

x_refsource_CONFIRM

https://code.google.com/p/google-authenticator/source/detail?r=c3414e9857ad64e52283f3266065ef3023fc69a8

x_refsource_CONFIRM

[oss-security] 20130418 Re: CVE-2012-XXYY Request -- google-authenticator: Information disclosure due insecure requirement on the secrets file

mailing-list

x_refsource_MLIST

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666129

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.