CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-12356

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1000%
EPSS Percentile44.79th
Published2018年6月15日
Last Modified2024年11月21日

Vulnerability Description

An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension scripts. Modifying the configuration file allows the attacker to inject additional encryption keys under their control, thereby disclosing passwords to the attacker. Modifying the extension scripts allows the attacker arbitrary code execution.

Affected Platforms (CPE)

📦
Simple Password Store Project

Simple Password Store

>= 1.7.0 and < 1.7.2

References & Advisories

🔗 http://openwall.com/lists/oss-security/2018/06/14/3
🔗 http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html
🔗 http://seclists.org/fulldisclosure/2019/Apr/38
🔗 http://www.openwall.com/lists/oss-security/2019/04/30/4
🔗 https://git.zx2c4.com/password-store/commit/?id=8683403b77f59c56fcb1f05c61ab33b9fd61a30d
🔗 https://github.com/RUB-NDS/Johnny-You-Are-Fired
🔗 https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf
🔗 https://lists.zx2c4.com/pipermail/password-store/2018-June/003308.html

関連する脆弱性情報

CVE-2019-156547.5

Comba AC2400 devices are prone to password disclosure via a simple crafted /09/business/upgrade/upcfgAction.php?download=true requ...

CVE-2019-156557.5

D-Link DSL-2875AL devices through 1.00.05 are prone to password disclosure via a simple crafted /romfile.cfg request to the web ma...

CVE-2019-166387.5

An issue was found on the Ruijie EG-2000 series gateway. An attacker can easily dump cleartext stored passwords in /data/config.te...

CVE-2019-83506.6

The Simple - Better Banking application 2.45.0 through 2.45.3 (fixed in 2.46.0) for Android was affected by an information disclos...