CVE-2012-6655 — Incorrect Permission Assignment in Accountsservice

CWE-732 — Incorrect Permission Assignment8 documents8 sources

Severity

3.3LOWNVD

EPSS

0.0%

top 93.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Canonical Accountsservice Debian Accountsservice Accountsservice Project Accountsservice +4 more

Timeline

PublishedNov 27

Latest updateMar 11

Description

An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages5 packages

▶debiandebian/accountsservice< accountsservice 22.08.8-4 (bookworm)

▶Debiancanonical/accountsservice< 22.08.8-4+2

▶NVDopensuse/opensuse13.1

▶NVDaccountsservice_project/accountsservice0.6.37

▶msrcmsrc/azl3_accountsservice_23.13.9-1_on_azure_linux_3.0

Also affects: Debian Linux 10.0, 8.0, 9.0, Enterprise Linux 7.0

🔴Vulnerability Details

GHSA

GHSA-mwwg-gjh6-9grp: An issue exists AccountService 0↗2022-04-23

▶

OSV

CVE-2012-6655: An issue exists AccountService 0↗2019-11-27

▶

📋Vendor Advisories

Ubuntu

AccountsService vulnerability↗2024-03-11

▶

Microsoft

An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords.↗2019-11-12

▶

Red Hat

accountsservice: local encrypted password disclosure when changing password↗2012-09-17

▶

Debian

CVE-2012-6655: accountsservice - An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb(...↗2012

▶

💬Community

Bugzilla

CVE-2012-6655 accountsservice: local encrypted password disclosure when changing password↗2014-08-15

▶