CVE-2012-6140

NameCVE-2012-6140
Descriptionpam_google_authenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than CVE-2013-0258.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs666129

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
google-authenticator (PTS)bookworm, bullseye20191231-2fixed
sid, trixie20191231-2.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
google-authenticatorsource(unstable)20130529-1666129
Search for package or bug name: Reporting problems