Fluid Attacks Database

Description

An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	accountsservice	=0.6.55-3 \|\| =22.07.5-1 \|\| =22.08.8-1 \|\| =22.08.8-2 \|\| =22.08.8-4 \|\| =22.08.8-5 \|\| =22.08.8-6 \|\| =23.13.9-1 \|\| =23.13.9-2 \|\| =23.13.9-3 \|\| =23.13.9-4 \|\| =23.13.9-5 \|\| =23.13.9-6 \|\| =23.13.9-6.1 \|\| =23.13.9-7 \|\| =23.13.9-8	-
debian 12	accountsservice	>=0 <22.08.8-4	22.08.8-4
debian 14	accountsservice	>=0 <22.08.8-4	22.08.8-4
debian 13	accountsservice	>=0 <22.08.8-4	22.08.8-4
rpm rhel7	accountsservice	-	-

Aliases

1. CVE-2012-66552. NVD-2012-66553. OSV-DEBIAN-2012-66554. OSV-2012-66555. SECURITY-TRACKER-CVE-2012-6655