CVE-2012-6140

Name: CVE-2012-6140
Creator: NVD / NIST
Published: 2013-04-24T10:28:37.323+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.23%

Last modified Jun 16, 2026

CVE-2012-6140 is a vulnerability of currently unknown severity. pam_google_authenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than CVE-2013-0258.. EPSS estimates a 0.23% chance of exploitation in the next 30 days.

Description

pam_google_authenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than CVE-2013-0258.

Metrics

EPSS Probability

0.23%

13.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-200

Affected Software

Vendor	Product	Versions
Google	Authenticator	<= 0.91
Google	Authenticator	0.86
Google	Authenticator	0.87

References

Timeline

Published: Apr 24, 2013
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2012-6140?

How severe is CVE-2012-6140?

Severity scoring for CVE-2012-6140 is pending analysis. The EPSS model estimates a 0.23% probability of exploitation in the next 30 days.

How do I fix CVE-2012-6140?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2012-6140?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST