N/A
CVE-2012-6140
pam_google_authenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than CVE-2013-0258.
Affected mobile apps
Vulnerable CPE configurations
| Vendor | Product | Platform | Versions | CPE 2.3 URI |
|---|---|---|---|---|
| authenticator | Android | ≤0.91 | cpe:2.3:a:google:authenticator:*:*:*:*:*:*:*:* | |
| authenticator | iOS | ≤0.91 | cpe:2.3:a:google:authenticator:*:*:*:*:*:*:*:* | |
| authenticator | Android | — | cpe:2.3:a:google:authenticator:0.86:*:*:*:*:*:*:* | |
| authenticator | iOS | — | cpe:2.3:a:google:authenticator:0.86:*:*:*:*:*:*:* | |
| authenticator | Android | — | cpe:2.3:a:google:authenticator:0.87:*:*:*:*:*:*:* | |
| authenticator | iOS | — | cpe:2.3:a:google:authenticator:0.87:*:*:*:*:*:*:* |