MidnightBSD

Advisories for mikel_olasagasti

CVE-2012-2742 MEDIUM

Revelation 0.4.13-2 and earlier uses only the first 32 characters of a password followed by a sequence of zeros, which reduces the entropy and makes it easier for context-dependent attackers to crack passwords and obtain access to keys via a brute-force attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-255

Products Affected

Vendor Product Version
mikel_olasagasti revelation 0.4.7
mikel_olasagasti revelation 0.1.0
mikel_olasagasti revelation 0.3.0
mikel_olasagasti revelation 0.3.1
mikel_olasagasti revelation 0.3.2
mikel_olasagasti revelation *
mikel_olasagasti revelation 0.4.0
mikel_olasagasti revelation 0.4.2
mikel_olasagasti revelation 0.2.0
mikel_olasagasti revelation 0.4.12
mikel_olasagasti revelation 0.4.3
mikel_olasagasti revelation 0.4.5
mikel_olasagasti revelation 0.4.9
mikel_olasagasti revelation 0.4.1
mikel_olasagasti revelation 0.3.3
mikel_olasagasti revelation 0.4.6
mikel_olasagasti revelation 0.4.11
mikel_olasagasti revelation 0.2.1
mikel_olasagasti revelation 0.1.1
mikel_olasagasti revelation 0.4.10
mikel_olasagasti revelation 0.4.4
mikel_olasagasti revelation 0.3.4
mikel_olasagasti revelation 0.1.2
mikel_olasagasti revelation 0.4.8

CVE-2012-2743 MEDIUM

Revelation 0.4.13-2 and earlier does not iterate through SHA hashing algorithms for AES encryption, which makes it easier for context-dependent attackers to guess passwords via a brute force attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-255

Products Affected

Vendor Product Version
mikel_olasagasti revelation 0.4.7
mikel_olasagasti revelation 0.1.0
mikel_olasagasti revelation 0.3.0
mikel_olasagasti revelation 0.3.1
mikel_olasagasti revelation 0.3.2
mikel_olasagasti revelation *
mikel_olasagasti revelation 0.4.0
mikel_olasagasti revelation 0.4.2
mikel_olasagasti revelation 0.2.0
mikel_olasagasti revelation 0.4.12
mikel_olasagasti revelation 0.4.3
mikel_olasagasti revelation 0.4.5
mikel_olasagasti revelation 0.4.9
mikel_olasagasti revelation 0.4.1
mikel_olasagasti revelation 0.3.3
mikel_olasagasti revelation 0.4.6
mikel_olasagasti revelation 0.4.11
mikel_olasagasti revelation 0.2.1
mikel_olasagasti revelation 0.1.1
mikel_olasagasti revelation 0.4.10
mikel_olasagasti revelation 0.4.4
mikel_olasagasti revelation 0.3.4
mikel_olasagasti revelation 0.1.2
mikel_olasagasti revelation 0.4.8

CVE-2012-3818 LOW

The fpm exporter in Revelation 0.4.13-2 and earlier encrypts the version number but not the password when exporting a file, which might allow local users to obtain sensitive information.

CVSS 2.0

Severity: LOW

Problem Type: CWE-310

Products Affected

Vendor Product Version
mikel_olasagasti revelation 0.4.7
mikel_olasagasti revelation 0.1.0
mikel_olasagasti revelation 0.3.0
mikel_olasagasti revelation 0.3.1
mikel_olasagasti revelation 0.3.2
mikel_olasagasti revelation *
mikel_olasagasti revelation 0.4.0
mikel_olasagasti revelation 0.4.2
mikel_olasagasti revelation 0.2.0
mikel_olasagasti revelation 0.4.12
mikel_olasagasti revelation 0.4.3
mikel_olasagasti revelation 0.4.5
mikel_olasagasti revelation 0.4.9
mikel_olasagasti revelation 0.4.1
mikel_olasagasti revelation 0.3.3
mikel_olasagasti revelation 0.4.6
mikel_olasagasti revelation 0.4.11
mikel_olasagasti revelation 0.2.1
mikel_olasagasti revelation 0.1.1
mikel_olasagasti revelation 0.4.10
mikel_olasagasti revelation 0.4.4
mikel_olasagasti revelation 0.3.4
mikel_olasagasti revelation 0.1.2
mikel_olasagasti revelation 0.4.8