Back to CVE Browser

CVE-2018-12356

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1000%

EPSS Percentile44.79th

PublishedJun 15, 2018

Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension scripts. Modifying the configuration file allows the attacker to inject additional encryption keys under their control, thereby disclosing passwords to the attacker. Modifying the extension scripts allows the attacker arbitrary code execution.

Affected Platforms (CPE)

📦

Simple Password Store Project

Simple Password Store

>= 1.7.0 and < 1.7.2

References & Advisories

🔗 http://openwall.com/lists/oss-security/2018/06/14/3

🔗 http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html

🔗 http://seclists.org/fulldisclosure/2019/Apr/38

🔗 http://www.openwall.com/lists/oss-security/2019/04/30/4

🔗 https://git.zx2c4.com/password-store/commit/?id=8683403b77f59c56fcb1f05c61ab33b9fd61a30d

🔗 https://github.com/RUB-NDS/Johnny-You-Are-Fired

🔗 https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf

🔗 https://lists.zx2c4.com/pipermail/password-store/2018-June/003308.html

Related Vulnerabilities

CVE-2019-156547.5

Comba AC2400 devices are prone to password disclosure via a simple crafted /09/business/upgrade/upcfgAction.php?download=true requ...

CVE-2019-156557.5

D-Link DSL-2875AL devices through 1.00.05 are prone to password disclosure via a simple crafted /romfile.cfg request to the web ma...

CVE-2019-166387.5

An issue was found on the Ruijie EG-2000 series gateway. An attacker can easily dump cleartext stored passwords in /data/config.te...

CVE-2019-83506.6

The Simple - Better Banking application 2.45.0 through 2.45.3 (fixed in 2.46.0) for Android was affected by an information disclos...