The %{password(...)} macro in pastemacroexpander.cpp in the KDE Paste Applet before 4.10.5 in kdeplasma-addons does not properly generate passwords, which allows context-dependent attackers to bypass authentication via a brute-force attack.
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/bugtraq/2013-05/0114.html | Broken Link |
http://openwall.com/lists/oss-security/2013/05/28/5 | Exploit Mailing List Third Party Advisory |
http://openwall.com/lists/oss-security/2013/05/29/6 | Exploit Mailing List Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=969421 | Issue Tracking Patch Third Party Advisory |
https://projects.kde.org/projects/kde/kdeplasma-addons/repository/revisions/36a1fe49cb70f717c4a6e9eeee2c9186503a8dce | Mailing List Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2020-02-11T19:03:18
Updated: 2020-02-11T19:03:18
Reserved: 2013-02-19T00:00:00
Link: CVE-2013-2120
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-02-11T20:15:11.070
Modified: 2020-02-21T16:15:02.027
Link: CVE-2013-2120
JSON object: View
Redhat Information
No data.
CWE