CVE-2013-4217

The OSAL_Crypt_SetEncryptedPassword function in InfraStack/OSDependent/Linux/OSAL/Services/wimax_osal_crypt_services.c in the OSAL crypt module in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices logs a cleartext password during certain attempts to set a password, which allows local users to obtain sensitive information by reading a log file.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.openwall.com/lists/oss-security/2013/08/08/17
https://bugzilla.redhat.com/show_bug.cgi?id=911121

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:intel:wimax_network_service::::::::
	cpe:2.3:a:intel:wimax_network_service:1.5.0:::::::*

History

No history.

Information

Published : 2013-08-25 03:27

Updated : 2024-02-04 18:16

NVD link : CVE-2013-4217

Mitre link : CVE-2013-4217

CVE.ORG link : CVE-2013-4217

JSON object : View

Products Affected

intel

wimax_network_service

CWE

CWE-310

Cryptographic Issues

{"id": "CVE-2013-4217", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-08-25T03:27:32.870", "references": [{"url": "http://www.openwall.com/lists/oss-security/2013/08/08/17", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=911121", "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "The OSAL_Crypt_SetEncryptedPassword function in InfraStack/OSDependent/Linux/OSAL/Services/wimax_osal_crypt_services.c in the OSAL crypt module in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices logs a cleartext password during certain attempts to set a password, which allows local users to obtain sensitive information by reading a log file."}, {"lang": "es", "value": "La funci\u00f3n OSAL_Crypt_SetEncryptedPassword en InfraStack/OSDependent/Linux/OSAL/Services/wimax_osal_crypt_services.c en el modulo criptografico OSAL en Intel WiMAX Network Service hasta v1.5.2 para dispositivos Intel Wireless WiMAX Connection 2400 registra una contrase\u00f1a sin cifrar durante ciertos intentos de establecer una contrase\u00f1a, lo que permite a usuarios locales obtener informaci\u00f3n sensible mediante la lectura de un archivo de registro."}], "lastModified": "2013-08-26T18:29:32.770", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:intel:wimax_network_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5CB891D-3239-42B6-AE62-260CF80DA80C", "versionEndIncluding": "1.5.2"}, {"criteria": "cpe:2.3:a:intel:wimax_network_service:1.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3541BA34-6780-4449-ADA7-F84642D6672F"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}