Vulnerabilities > CVE-2012-0813 - Credentials Management vulnerability in David Paleino Wicd
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Wicd before 1.7.1 saves sensitive information in log files in /var/log/wicd, which allows context-dependent attackers to obtain passwords and other sensitive information.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2012-1077.NASL description - CVE-2012-0813 A sensitive information disclosure flaw was found in the way wicd, wireless and wired network connection manager, performed management of sensitive information, to be stored in log files. Fields like last seen 2020-03-17 modified 2012-02-17 plugin id 57987 published 2012-02-17 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57987 title Fedora 15 : wicd-1.7.0-11.fc15 (2012-1077) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201206-08.NASL description The remote host is affected by the vulnerability described in GLSA-201206-08 (Wicd: Multiple vulnerabilities) Two vulnerabilities have been found in Wicd: Passwords and passphrases are written to /var/log/wicd (CVE-2012-0813). Input from the daemon last seen 2020-06-01 modified 2020-06-02 plugin id 59646 published 2012-06-22 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/59646 title GLSA-201206-08 : Wicd: Multiple vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2012-1059.NASL description - CVE-2012-0813 A sensitive information disclosure flaw was found in the way wicd, wireless and wired network connection manager, performed management of sensitive information, to be stored in log files. Fields like last seen 2020-03-17 modified 2012-02-17 plugin id 57986 published 2012-02-17 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57986 title Fedora 16 : wicd-1.7.0-10.fc16 (2012-1059)
References
- http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/revision/682
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652417
- http://secunia.com/advisories/49657
- http://security.gentoo.org/glsa/glsa-201206-08.xml
- http://www.openwall.com/lists/oss-security/2012/01/26/13
- http://www.openwall.com/lists/oss-security/2012/01/26/14
- http://www.securityfocus.com/bid/51703
- https://launchpad.net/wicd/+announcement/9570