CVE-2012-6140
Google Authenticator < 1.0 - Unauthorized Secret Exposure via File Permissions
Title source: llmDescription
pam_google_authenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than CVE-2013-0258.
References (4)
Core 4
Core References
Exploit x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=953505
Issue Tracking x_refsource_confirm
https://code.google.com/p/google-authenticator/source/detail?r=c3414e9857ad64e52283f3266065ef3023fc69a8
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2013/04/18/10
Issue Tracking x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666129
Scores
EPSS
0.0023
EPSS Percentile
13.7%
Details
CWE
CWE-200
Status
published
Products (3)
google/authenticator
0.86
google/authenticator
0.87
google/authenticator
< 0.91
Published
Apr 24, 2013
Tracked Since
Feb 18, 2026