CVE-2013-4143
CVE-2013-4143 is a vulnerability of currently unknown severity. The (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockmore before 5.43 do not properly handle when a NULL value is returned upon an error by the crypt or dispcrypt function as implemented in glibc 2.17 and later, which allows attackers to bypass the screen lock via vectors related to invalid salts. EPSS estimates a 0.40% chance of exploitation in the next 30 days.
Description
The (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockmore before 5.43 do not properly handle when a NULL value is returned upon an error by the crypt or dispcrypt function as implemented in glibc 2.17 and later, which allows attackers to bypass the screen lock via vectors related to invalid salts.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| David Bagley | Xlockmore | <= 5.42 |
| David Bagley | Xlockmore | 5.24 |
| David Bagley | Xlockmore | 5.25 |
| David Bagley | Xlockmore | 5.26 |
| David Bagley | Xlockmore | 5.27 |
| David Bagley | Xlockmore | 5.28 |
| David Bagley | Xlockmore | 5.29 |
| David Bagley | Xlockmore | 5.30 |
| David Bagley | Xlockmore | 5.31 |
| David Bagley | Xlockmore | 5.32 |
| David Bagley | Xlockmore | 5.33 |
| David Bagley | Xlockmore | 5.34 |
| David Bagley | Xlockmore | 5.35 |
| David Bagley | Xlockmore | 5.36 |
| David Bagley | Xlockmore | 5.37 |
| David Bagley | Xlockmore | 5.38 |
| David Bagley | Xlockmore | 5.39 |
| David Bagley | Xlockmore | 5.40 |
| David Bagley | Xlockmore | 5.41 |
References
- http://www.tux.org/~bagleyd/xlock/xlockmore.README (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
