VDB
CVE-2013-2120
CVE-2013-2120
REJECTED
The %{password(...)} macro in pastemacroexpander.cpp in the KDE Paste Applet before 4.10.5 in kdeplasma-addons does not properly generate passwords, which allows context-dependent attackers to bypass authentication via a brute-force attack.
EPSS 0.12% · 30.4th percentile
Risk Scores
EPSS Score
0.12%
30.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | kdeplasma-addons | 0, 4:4.11.2-0ubuntu2, 4:4.11.97-0ubuntu1 |
| Ubuntu:16.04:LTS | kdeplasma-addons | 0, 4:5.4.2-0ubuntu1, 4:5.4.3-0ubuntu1 |
Exploit Intelligence
- CIRCL seen: CVE-2013-2120 (circl-sighting)
- CIRCL seen: CVE-2013-2120 (circl-sighting)
- https://bugzilla.redhat.com/show_bug.cgi?id=969421 (circl)
- https://projects.kde.org/projects/kde/kdeplasma-addons/repository/revisions/36a1fe49cb70f717c4a6e9eeee2c9186503a8dce (circl)
- http://archives.neohapsis.com/archives/bugtraq/2013-05/0114.html (circl)
- http://openwall.com/lists/oss-security/2013/05/28/5 (vulncheck-nvd)
- http://openwall.com/lists/oss-security/2013/05/29/6 (vulncheck-nvd)
Timeline
- Feb 11, 2020 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2013-2120 third-party-advisory
- http://seclists.org/oss-sec/2013/q2/429 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2013-2120 third-party-advisory