CVE-2018-19358
https://notcve.org/view.php?id=CVE-2018-19358
GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used. NOTE: the vendor disputes this because, according to the security model, untrusted applications must not be allowed to access the user's session bus socket. GNOME Keyring hasta la versión 3.28.2 permite que usuarios locales recuperen las credenciales de inicio de sesión mediante una llamada API Secret Service y la interfaz D-Bus si el keyring está desbloqueado. Este problema es similar a CVE-2008-7320. • https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1780365 https://bugzilla.redhat.com/show_bug.cgi?id=1652194#c8 https://github.com/sungjungk/keyring_crack https://gitlab.gnome.org/GNOME/gnome-keyring/-/issues/5#note_1876550 https://www.youtube.com/watch?v=Do4E9ZQaPck •
CVE-2012-3466
https://notcve.org/view.php?id=CVE-2012-3466
GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unspecified impact via unknown attack vectors. GNOME gnome-keyring v3.4.0 hasta v3.4.1, cuando gpg-cache-method se establece en "idle" o "timeout", no limita correctamente la cantidad de tiempo que una contraseña se almacena en caché, lo que permite a los atacantes tener un impacto no especificado a través de vectores de ataque desconocidos. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683655 http://git.gnome.org/browse/gnome-keyring/commit/?id=51606f299e5ee9d48096db0a5957efe26cbf7cc3 http://git.gnome.org/browse/gnome-keyring/commit/?id=5dff623470b859e332dbe12afb0dc57b292832d2 http://lists.opensuse.org/opensuse-updates/2012-09/msg00037.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:084 http://www.openwall.com/lists/oss-security/2012/08/09/1 http://www.openwall.com/lists/oss-security/2012/08/09/2 https:// • CWE-264: Permissions, Privileges, and Access Controls •