ID CVE-2012-2742
Summary Revelation 0.4.13-2 and earlier uses only the first 32 characters of a password followed by a sequence of zeros, which reduces the entropy and makes it easier for context-dependent attackers to crack passwords and obtain access to keys via a brute-force attack.
References
Vulnerable Configurations
  • cpe:2.3:a:mikel_olasagasti:revelation:0.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mikel_olasagasti:revelation:0.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mikel_olasagasti:revelation:0.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mikel_olasagasti:revelation:0.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mikel_olasagasti:revelation:0.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mikel_olasagasti:revelation:0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mikel_olasagasti:revelation:0.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mikel_olasagasti:revelation:0.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mikel_olasagasti:revelation:0.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mikel_olasagasti:revelation:0.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mikel_olasagasti:revelation:0.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mikel_olasagasti:revelation:0.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mikel_olasagasti:revelation:0.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mikel_olasagasti:revelation:0.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mikel_olasagasti:revelation:0.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mikel_olasagasti:revelation:0.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mikel_olasagasti:revelation:0.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mikel_olasagasti:revelation:0.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mikel_olasagasti:revelation:0.4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mikel_olasagasti:revelation:0.4.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mikel_olasagasti:revelation:0.4.10:*:*:*:*:*:*:*
  • cpe:2.3:a:mikel_olasagasti:revelation:0.4.11:*:*:*:*:*:*:*
  • cpe:2.3:a:mikel_olasagasti:revelation:0.4.12:*:*:*:*:*:*:*
  • cpe:2.3:a:mikel_olasagasti:revelation:*:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 29-08-2017 - 01:31)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bid 54060
confirm http://oss.codepoet.no/revelation/issue/61/file-format-magic-string-version-mismatch
misc
mlist
  • [oss-security] 20120618 CVE Request -- Revelation: 1) Limits effective password length to 32 characters 2) Doesn't iterate the passphrase through SHA algorithm to derive the encryption key
  • [oss-security] 20120618 Re: CVE Request -- Revelation: 1) Limits effective password length to 32 characters 2) Doesn't iterate the passphrase through SHA algorithm to derive the encryption key
xf revelation-passwordlength-weak-security(76407)
Last major update 29-08-2017 - 01:31
Published 27-06-2012 - 22:55
Last modified 29-08-2017 - 01:31