CVE-2012-6140

Google Authenticator < 1.0 - Unauthorized Secret Exposure via File Permissions

Title source: llm
STIX 2.1

Description

pam_google_authenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than CVE-2013-0258.

References (4)

Core 4

Scores

EPSS 0.0023
EPSS Percentile 13.7%

Details

CWE
CWE-200
Status published
Products (3)
google/authenticator 0.86
google/authenticator 0.87
google/authenticator < 0.91
Published Apr 24, 2013
Tracked Since Feb 18, 2026