Improper File Permissions in hostapd that May Expose Sensitive Information
CVE-2012-2389

Currently unrated

Key Information:

Vendor: W1.fi
Status: Hostapd
Vendor: CVE Published:; 21 June 2012

What is CVE-2012-2389?

The hostapd application, specifically in version 0.7.3 and potentially earlier versions, is affected by a vulnerability due to improper permissions set on the configuration file (/etc/hostapd/hostapd.conf). The file permissions are set to 0644, which could allow local users to read sensitive information, including credentials stored within the configuration file. This vulnerability may compromise the confidentiality of the data and potentially lead to unauthorized access to network resources.

References

https://bugzilla.redhat.com/show_bug.cgi?id=824660

x_refsource_MISC

http://www.openwall.com/lists/oss-security/2012/05/23/13

mailing-listx_refsource_MLIST

http://www.openwall.com/lists/oss-security/2012/05/23/5

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 21, 2012
Vulnerability Reserved
Apr 19, 2012

CVE-2012-2389 Data

JSON

W1.fi

What is CVE-2012-2389?

References

Timeline