CVE-2012-0813 - OpenCVE

Wicd before 1.7.1 saves sensitive information in log files in /var/log/wicd, which allows context-dependent attackers to obtain passwords and other sensitive information.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
David Paleino	Wicd

Configuration 1 [-]

OR	cpe:2.3:a:david_paleino:wicd::beta3::::::*
	cpe:2.3:a:david_paleino:wicd:1.2.7:::::::*
	cpe:2.3:a:david_paleino:wicd:1.3.1:::::::*
	cpe:2.3:a:david_paleino:wicd:1.4.0:::::::*
	cpe:2.3:a:david_paleino:wicd:1.4.1:::::::*
	cpe:2.3:a:david_paleino:wicd:1.4.2:::::::*
	cpe:2.3:a:david_paleino:wicd:1.5.0:::::::*
	cpe:2.3:a:david_paleino:wicd:1.5.1:::::::*
	cpe:2.3:a:david_paleino:wicd:1.5.2:::::::*
	cpe:2.3:a:david_paleino:wicd:1.5.3:::::::*
	cpe:2.3:a:david_paleino:wicd:1.5.4:::::::*
	cpe:2.3:a:david_paleino:wicd:1.5.5:::::::*
	cpe:2.3:a:david_paleino:wicd:1.5.6:::::::*
	cpe:2.3:a:david_paleino:wicd:1.5.7:::::::*
	cpe:2.3:a:david_paleino:wicd:1.5.8:::::::*
	cpe:2.3:a:david_paleino:wicd:1.5.9:::::::*
	cpe:2.3:a:david_paleino:wicd:1.6.0:::::::*
	cpe:2.3:a:david_paleino:wicd:1.6.2:::::::*
	cpe:2.3:a:david_paleino:wicd:1.7.0:::::::*
	cpe:2.3:a:david_paleino:wicd:1.7.1:::::::*
	cpe:2.3:a:david_paleino:wicd:1.7.2:::::::*

References

Link	Resource
http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/revision/682
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652417
http://secunia.com/advisories/49657	Vendor Advisory
http://security.gentoo.org/glsa/glsa-201206-08.xml
http://www.openwall.com/lists/oss-security/2012/01/26/13
http://www.openwall.com/lists/oss-security/2012/01/26/14
http://www.securityfocus.com/bid/51703
https://launchpad.net/wicd/+announcement/9570

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2012-06-29T19:00:00Z

Updated: 2012-06-29T19:00:00Z

Reserved: 2012-01-19T00:00:00Z

Link: CVE-2012-0813

JSON object: View

NVD Information

Status : Analyzed

Published: 2012-06-29T19:55:02.577

Modified: 2012-08-01T04:00:00.000

Link: CVE-2012-0813

JSON object: View

Redhat Information

No data.

CWE

CWE-255

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:david_paleino:wicd:*:beta3:*:*:*:*:*:*", "matchCriteriaId": "5405A668-8E9E-4E07-9281-C8AE1A9EB301", "versionEndIncluding": "1.7.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "06AFC460-E683-4047-8C2A-1E9AC377917B", "vulnerable": true}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A2D411ED-67BF-45A0-BE8A-E981CAB0F4CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "45632B83-B5C7-42AC-9B8B-031AB0D6417A", "vulnerable": true}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "52DCBA8B-FD94-4184-985A-E054DEC04671", "vulnerable": true}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "9F48E42D-AEEA-41EC-BCFB-5581CEA05B58", "vulnerable": true}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "288E7A59-D1BA-45D7-A30A-9F5F56E5A192", "vulnerable": true}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "2265EFEA-CEF9-42E0-A538-8D8FAE5F351C", "vulnerable": true}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "7769F3E0-EF1A-480C-845E-7178F2939ECD", "vulnerable": true}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "22A39899-C5D7-47D0-9B9C-6ADD1F756B46", "vulnerable": true}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "27ED667E-BD1E-4352-A5F0-DB70B86D600D", "vulnerable": true}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "84B74048-746F-4DF7-913D-3F0163FC8FD1", "vulnerable": true}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "F9E268AD-D2A5-48DD-A311-6C2CD8A67149", "vulnerable": true}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "D5FE6B55-58EA-403E-AA60-2079A559D2CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "D05918F4-2957-459D-9505-1B14B7C4D257", "vulnerable": true}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "7A7BD785-94DC-4525-9CA4-9DE41F316807", "vulnerable": true}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2FCF612E-89BE-4AFC-8DC3-D8DE1452BFAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "1DF97412-C3F2-4AE2-B2CE-CE8F24EC139F", "vulnerable": true}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "40BD3EF9-EE76-4E63-B057-4B369BB39568", "vulnerable": true}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "94373C23-875A-4CED-BC07-0AEFF233A64F", "vulnerable": true}, {"criteria": "cpe:2.3:a:david_paleino:wicd:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "6D324009-C5BE-4BBD-82B7-1B9041416B56", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Wicd before 1.7.1 saves sensitive information in log files in /var/log/wicd, which allows context-dependent attackers to obtain passwords and other sensitive information."}, {"lang": "es", "value": "Wicd anteriores a 1.7.1 guarda informaci\u00f3n confidencial en archivos de log en /var/log/wicd, lo que permite a atacantes dependientes del contexto obtener contrase\u00f1as y otra informaci\u00f3n confidencial."}], "id": "CVE-2012-0813", "lastModified": "2012-08-01T04:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-06-29T19:55:02.577", "references": [{"source": "secalert@redhat.com", "url": "http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/revision/682"}, {"source": "secalert@redhat.com", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652417"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/49657"}, {"source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-201206-08.xml"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/01/26/13"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/01/26/14"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/51703"}, {"source": "secalert@redhat.com", "url": "https://launchpad.net/wicd/+announcement/9570"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}