High severityNVD Advisory· Published Nov 30, 2012· Updated Jun 16, 2026
CVE-2012-4571
CVE-2012-4571
Description
Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
keyringPyPI | < 0.9.2 | 0.9.2 |
Affected products
2- cpe:2.3:a:python:keyring:0.9.1:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
12- github.com/advisories/GHSA-p3h7-3c45-qj4vghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2012-4571ghsaADVISORY
- pypi.python.org/pypi/keyringnvdWEB
- www.openwall.com/lists/oss-security/2012/10/31/8nvdWEB
- www.ubuntu.com/usn/USN-1634-1nvdWEB
- bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1004845nvdWEB
- github.com/jaraco/keyring/commit/162f2ed0e39e16d561732b9fad8af6cd2341d7bdghsaWEB
- github.com/jaraco/keyring/commit/56272d908ba7a3fe4ebb6d6e87a7cc569f4726acghsaWEB
- github.com/jaraco/keyring/commit/a76942672f6ac85a88bd9b9ed31fd133119b7702ghsaWEB
- github.com/jaraco/keyring/commit/cbf509b0386c3063d8b2879ce72d78ac18023f72ghsaWEB
- github.com/jaraco/keyring/commit/cc1ead78d1e3fab9fa8bb0b4bb334cb82d35db52ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/keyring/PYSEC-2012-8.yamlghsaWEB
News mentions
0No linked articles in our index yet.