PyPI package
keyring
pkg:pypi/keyring
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2012-5578 | — | < 0.10 | 0.10 | Nov 25, 2019 | Python keyring has insecure permissions on new databases allowing world-readable files to be created | ||
| CVE-2012-5577 | — | < 0.10 | 0.10 | Oct 28, 2019 | Python keyring lib before 0.10 created keyring files with world-readable permissions. | ||
| CVE-2012-4571 | — | < 0.9.2 | 0.9.2 | Nov 30, 2012 | Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack. |
- CVE-2012-5578Nov 25, 2019affected < 0.10fixed 0.10
Python keyring has insecure permissions on new databases allowing world-readable files to be created
- CVE-2012-5577Oct 28, 2019affected < 0.10fixed 0.10
Python keyring lib before 0.10 created keyring files with world-readable permissions.
- CVE-2012-4571Nov 30, 2012affected < 0.9.2fixed 0.9.2
Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack.