Description
An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords.
References (6)
Core 6
Core References
Third Party Advisory x_refsource_misc
https://security-tracker.debian.org/tracker/CVE-2012-6655
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6655
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-6655
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/95325
Mailing List, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2014/08/16/7
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/69245
Scores
CVSS v3
3.3
EPSS
0.0002
EPSS Percentile
6.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-732
Status
published
Products (6)
accountsservice_project/accountsservice
0.6.37
debian/debian_linux
8.0
debian/debian_linux
9.0
debian/debian_linux
10.0
opensuse/opensuse
13.1
redhat/enterprise_linux
7.0
Published
Nov 27, 2019
Tracked Since
Feb 18, 2026