CVE-2012-2389Hostapd vulnerability

CWE-2647 documents5 sources
Severity
2.1LOWNVD
EPSS
0.0%
top 85.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
W1.fi Hostapd
Timeline
PublishedJun 21
Latest updateMay 17

Description

hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for /etc/hostapd/hostapd.conf, which might allow local users to obtain sensitive information such as credentials.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

NVDw1.fi/hostapd0.7.3

🔴Vulnerability Details

2
GHSA
GHSA-g3f4-94xv-v6fv: hostapd 02022-05-17
CVEList
CVE-2012-2389: hostapd 02012-06-21

📋Vendor Advisories

1
Debian
CVE-2012-2389: wpa - hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for...2012

💬Community

3
Bugzilla
CVE-2012-2389 hostapd: insecure default permissions on /etc/hostapd/hostapd.conf [fedora-all]2012-05-29
Bugzilla
CVE-2012-2389 hostapd: insecure default permissions on /etc/hostapd/hostapd.conf2012-05-23
Bugzilla
CVE-2012-2389 hostapd: insecure default permissions on /etc/hostapd/hostapd.conf [fedora-all]2012-05-23
CVE-2012-2389 — W1.fi Hostapd vulnerability | cvebase