cve/CVE-2018-19358.md at 9cc2023bd8dbe0ab8c5f051fa9a43f1e04594987

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

** DISPUTED ** GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used. NOTE: the vendor disputes this because, according to the security model, untrusted applications must not be allowed to access the user's session bus socket.

POC

Reference

https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1780365
https://github.com/sungjungk/keyring_crack
https://gitlab.gnome.org/GNOME/gnome-keyring/-/issues/5#note_1876550

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/swiesend/secret-service

1.1 KiB Raw Blame History

CVE-2018-19358

Description

POC

Reference

Github

1.1 KiB

Raw Blame History