CVE-2013-4143 — Vulnetix

CVE-2013-4143 PUBLISHED CVSS 2.0999999046325684 LOW

The (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockmore before 5.43 do not properly handle when a NULL value is returned upon an error by the crypt or dispcrypt function as implemented in glibc 2.17 and later, which allows attackers to bypass the screen lock via vectors related to invalid salts.

EPSS 0.06% · 19.5th percentile

Risk Scores

CVSS 2.0

2.0999999046325684

EPSS Score

0.06%

19.5th percentile

Affected Products

Vendor	Product	Versions
david_bagley	xlockmore	5.38, 0, 5.24
n/a	n/a	n/a

Exploit Intelligence

http://www.tux.org/~bagleyd/xlock/xlockmore.README (circl)
[oss-security] 20130718 Re: CVE Request - xlockmore 5.43 fixes a security flaw (circl)
[oss-security] 20130716 CVE Request - xlockmore 5.43 fixes a security flaw (circl)

Timeline

May 30, 2014 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 17, 2022 CVE Updated
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 9, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 2, 2023 EPSS Score

References

http://www.tux.org/~bagleyd/xlock/xlockmore.README url
[oss-security] 20130718 Re: CVE Request - xlockmore 5.43 fixes a security flaw mailing-list
[oss-security] 20130716 CVE Request - xlockmore 5.43 fixes a security flaw mailing-list
https://nvd.nist.gov/vuln/detail/CVE-2013-4143 advisory

Open in Interactive Console →