CVE-2012-6655 - OpenCVE

An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Accountsservice Project	Accountsservice
Debian	Debian Linux
Redhat	Enterprise Linux
Opensuse	Opensuse

Configuration 1 [-]

cpe:2.3:a:accountsservice_project:accountsservice:0.6.37:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*

Configuration 4 [-]

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2014/08/16/7	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/69245	Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6655	Issue Tracking Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-6655	Exploit Issue Tracking Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/95325	Third Party Advisory VDB Entry
https://security-tracker.debian.org/tracker/CVE-2012-6655	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-11-27T17:13:02

Updated: 2019-11-27T17:13:02

Reserved: 2014-08-15T00:00:00

Link: CVE-2012-6655

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-11-27T18:15:11.097

Modified: 2020-08-18T15:05:58.063

Link: CVE-2012-6655

JSON object: View

Redhat Information

No data.

CWE

CWE-732

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-08-12T00:00:00", "descriptions": [{"lang": "en", "value": "An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-27T17:13:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security-tracker.debian.org/tracker/CVE-2012-6655"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6655"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-6655"}, {"tags": ["x_refsource_MISC"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95325"}, {"tags": ["x_refsource_MISC"], "url": "http://www.openwall.com/lists/oss-security/2014/08/16/7"}, {"tags": ["x_refsource_MISC"], "url": "http://www.securityfocus.com/bid/69245"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6655", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://security-tracker.debian.org/tracker/CVE-2012-6655", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2012-6655"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6655", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6655"}, {"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-6655", "refsource": "MISC", "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-6655"}, {"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95325", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95325"}, {"name": "http://www.openwall.com/lists/oss-security/2014/08/16/7", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2014/08/16/7"}, {"name": "http://www.securityfocus.com/bid/69245", "refsource": "MISC", "url": "http://www.securityfocus.com/bid/69245"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-6655", "datePublished": "2019-11-27T17:13:02", "dateReserved": "2014-08-15T00:00:00", "dateUpdated": "2019-11-27T17:13:02", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:accountsservice_project:accountsservice:0.6.37:*:*:*:*:*:*:*", "matchCriteriaId": "F26CA928-7B5E-486E-9B73-DC49D7D53D62", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords."}, {"lang": "es", "value": "Existe un problema en AccountService versi\u00f3n 0.6.37, en la funci\u00f3n user_change_password_authorized_cb() en el archivo user.c, lo que podr\u00eda permitir a usuarios locales obtener contrase\u00f1as cifradas."}], "id": "CVE-2012-6655", "lastModified": "2020-08-18T15:05:58.063", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-27T18:15:11.097", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2014/08/16/7"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/69245"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6655"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-6655"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95325"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2012-6655"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}