CVE-2013-2120 - OpenCVE

The %{password(...)} macro in pastemacroexpander.cpp in the KDE Paste Applet before 4.10.5 in kdeplasma-addons does not properly generate passwords, which allows context-dependent attackers to bypass authentication via a brute-force attack.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Kde	Paste Applet

Configuration 1 [-]

cpe:2.3:a:kde:paste_applet:*:*:*:*:*:*:*:*

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2013-05/0114.html	Broken Link
http://openwall.com/lists/oss-security/2013/05/28/5	Exploit Mailing List Third Party Advisory
http://openwall.com/lists/oss-security/2013/05/29/6	Exploit Mailing List Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=969421	Issue Tracking Patch Third Party Advisory
https://projects.kde.org/projects/kde/kdeplasma-addons/repository/revisions/36a1fe49cb70f717c4a6e9eeee2c9186503a8dce	Mailing List Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2020-02-11T19:03:18

Updated: 2020-02-11T19:03:18

Reserved: 2013-02-19T00:00:00

Link: CVE-2013-2120

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-02-11T20:15:11.070

Modified: 2020-02-21T16:15:02.027

Link: CVE-2013-2120

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kde:paste_applet:*:*:*:*:*:*:*:*", "matchCriteriaId": "013FF7E1-ECB0-4489-8FE2-0D223FC4E0F7", "versionEndExcluding": "4.10.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The %{password(...)} macro in pastemacroexpander.cpp in the KDE Paste Applet before 4.10.5 in kdeplasma-addons does not properly generate passwords, which allows context-dependent attackers to bypass authentication via a brute-force attack."}, {"lang": "es", "value": "La macro %{password(...)} en el archivo pastemacroexpander.cpp en KDE Paste Applet versiones anteriores a 4.10.5 en kdeplasma-addons no genera apropiadamente las contrase\u00f1as, lo que permite a atacantes dependiendo del contexto omitir la autenticaci\u00f3n por medio de un ataque de fuerza bruta."}], "id": "CVE-2013-2120", "lastModified": "2020-02-21T16:15:02.027", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-11T20:15:11.070", "references": [{"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0114.html"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2013/05/28/5"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2013/05/29/6"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=969421"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://projects.kde.org/projects/kde/kdeplasma-addons/repository/revisions/36a1fe49cb70f717c4a6e9eeee2c9186503a8dce"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}