{"id":"PYSEC-2012-8","details":"Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack.","aliases":["CVE-2012-4571","GHSA-p3h7-3c45-qj4v"],"modified":"2023-11-08T03:57:08.012859Z","published":"2012-11-30T22:55:00Z","references":[{"type":"WEB","url":"https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1004845"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2012/10/31/8"},{"type":"WEB","url":"http://pypi.python.org/pypi/keyring"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-1634-1"}],"affected":[{"package":{"name":"keyring","ecosystem":"PyPI","purl":"pkg:pypi/keyring"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.9.2"}]}],"versions":["0.1","0.2","0.3","0.4","0.5","0.5.1","0.6.2","0.7","0.7.1","0.8","0.8.1","0.9","0.9.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/keyring/PYSEC-2012-8.yaml"}}],"schema_version":"1.7.3"}