Back to search
CVE-2013-4143
Published: May 30, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
The (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockmore before 5.43 do not properly handle when a NULL value is returned upon an error by the crypt or dispcrypt function as implemented in glibc 2.17 and later, which allows attackers to bypass the screen lock via vectors related to invalid salts.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.tux.org/~bagleyd/xlock/xlockmore.README
x_refsource_CONFIRM
[oss-security] 20130718 Re: CVE Request - xlockmore 5.43 fixes a security flaw
mailing-list
x_refsource_MLIST
[oss-security] 20130716 CVE Request - xlockmore 5.43 fixes a security flaw
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now