CVE-2013-4143
Severity Score
2.1
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockmore before 5.43 do not properly handle when a NULL value is returned upon an error by the crypt or dispcrypt function as implemented in glibc 2.17 and later, which allows attackers to bypass the screen lock via vectors related to invalid salts.
Las funciones (1) checkPasswd y (2) checkGroupXlockPasswds en xlockmore anterior a 5.43 no se manejan debidamente cuando un valor nulo está devuelto en un error por la función crypt o dispcrypt tal y como está implementado en glibc 2.17 y posteriores, lo que permite a atacantes evadir el bloqueo de pantalla a través de vectores relacionados con salts inválidos.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-06-12 CVE Reserved
- 2013-09-02 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://openwall.com/lists/oss-security/2013/07/16/8 | Mailing List | |
| http://openwall.com/lists/oss-security/2013/07/18/6 | Mailing List |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.tux.org/~bagleyd/xlock/xlockmore.README | 2014-06-26 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| David Bagley Search vendor "David Bagley" | Xlockmore Search vendor "David Bagley" for product "Xlockmore" | <= 5.42 Search vendor "David Bagley" for product "Xlockmore" and version " <= 5.42" | - |
Affected
| ||||||
| David Bagley Search vendor "David Bagley" | Xlockmore Search vendor "David Bagley" for product "Xlockmore" | 5.24 Search vendor "David Bagley" for product "Xlockmore" and version "5.24" | - |
Affected
| ||||||
| David Bagley Search vendor "David Bagley" | Xlockmore Search vendor "David Bagley" for product "Xlockmore" | 5.25 Search vendor "David Bagley" for product "Xlockmore" and version "5.25" | - |
Affected
| ||||||
| David Bagley Search vendor "David Bagley" | Xlockmore Search vendor "David Bagley" for product "Xlockmore" | 5.26 Search vendor "David Bagley" for product "Xlockmore" and version "5.26" | - |
Affected
| ||||||
| David Bagley Search vendor "David Bagley" | Xlockmore Search vendor "David Bagley" for product "Xlockmore" | 5.27 Search vendor "David Bagley" for product "Xlockmore" and version "5.27" | - |
Affected
| ||||||
| David Bagley Search vendor "David Bagley" | Xlockmore Search vendor "David Bagley" for product "Xlockmore" | 5.28 Search vendor "David Bagley" for product "Xlockmore" and version "5.28" | - |
Affected
| ||||||
| David Bagley Search vendor "David Bagley" | Xlockmore Search vendor "David Bagley" for product "Xlockmore" | 5.29 Search vendor "David Bagley" for product "Xlockmore" and version "5.29" | - |
Affected
| ||||||
| David Bagley Search vendor "David Bagley" | Xlockmore Search vendor "David Bagley" for product "Xlockmore" | 5.30 Search vendor "David Bagley" for product "Xlockmore" and version "5.30" | - |
Affected
| ||||||
| David Bagley Search vendor "David Bagley" | Xlockmore Search vendor "David Bagley" for product "Xlockmore" | 5.31 Search vendor "David Bagley" for product "Xlockmore" and version "5.31" | - |
Affected
| ||||||
| David Bagley Search vendor "David Bagley" | Xlockmore Search vendor "David Bagley" for product "Xlockmore" | 5.32 Search vendor "David Bagley" for product "Xlockmore" and version "5.32" | - |
Affected
| ||||||
| David Bagley Search vendor "David Bagley" | Xlockmore Search vendor "David Bagley" for product "Xlockmore" | 5.33 Search vendor "David Bagley" for product "Xlockmore" and version "5.33" | - |
Affected
| ||||||
| David Bagley Search vendor "David Bagley" | Xlockmore Search vendor "David Bagley" for product "Xlockmore" | 5.34 Search vendor "David Bagley" for product "Xlockmore" and version "5.34" | - |
Affected
| ||||||
| David Bagley Search vendor "David Bagley" | Xlockmore Search vendor "David Bagley" for product "Xlockmore" | 5.35 Search vendor "David Bagley" for product "Xlockmore" and version "5.35" | - |
Affected
| ||||||
| David Bagley Search vendor "David Bagley" | Xlockmore Search vendor "David Bagley" for product "Xlockmore" | 5.36 Search vendor "David Bagley" for product "Xlockmore" and version "5.36" | - |
Affected
| ||||||
| David Bagley Search vendor "David Bagley" | Xlockmore Search vendor "David Bagley" for product "Xlockmore" | 5.37 Search vendor "David Bagley" for product "Xlockmore" and version "5.37" | - |
Affected
| ||||||
| David Bagley Search vendor "David Bagley" | Xlockmore Search vendor "David Bagley" for product "Xlockmore" | 5.38 Search vendor "David Bagley" for product "Xlockmore" and version "5.38" | - |
Affected
| ||||||
| David Bagley Search vendor "David Bagley" | Xlockmore Search vendor "David Bagley" for product "Xlockmore" | 5.39 Search vendor "David Bagley" for product "Xlockmore" and version "5.39" | - |
Affected
| ||||||
| David Bagley Search vendor "David Bagley" | Xlockmore Search vendor "David Bagley" for product "Xlockmore" | 5.40 Search vendor "David Bagley" for product "Xlockmore" and version "5.40" | - |
Affected
| ||||||
| David Bagley Search vendor "David Bagley" | Xlockmore Search vendor "David Bagley" for product "Xlockmore" | 5.41 Search vendor "David Bagley" for product "Xlockmore" and version "5.41" | - |
Affected
| ||||||