Improper Passphrase Caching in GNOME Keyring Affects Multiple Versions
CVE-2012-3466

Currently unrated

Key Information:

Vendor: Gnome
Status: Gnome-keyring
Vendor: CVE Published:; 22 October 2012

What is CVE-2012-3466?

The GNOME keyring version 3.4.0 through 3.4.1 fails to properly limit the caching duration of a passphrase when the gpg-cache-method is configured to either 'idle' or 'timeout'. This flaw may allow unauthorized access to sensitive data by enabling attackers to execute unspecified attack vectors, leading to potential compromise of system security.

References

http://www.openwall.com/lists/oss-security/2012/08/09/2

mailing-listx_refsource_MLIST

http://git.gnome.org/browse/gnome-keyring/commit/?id=5160...

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2012/08/09/1

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 22, 2012
Vulnerability Reserved
Jun 14, 2012

Gnome

What is CVE-2012-3466?

References

Timeline