keyring known bugs
pypi6 known bugs in keyring, with affected versions, fixes and workarounds. Sourced from upstream issue trackers.
6
bugs
Known bugs
| Severity | Affected | Fixed in | Title | Status | Source |
|---|---|---|---|---|---|
| high | any | 0.10 | Incorrect Default Permissions in keyring Python keyring lib before 0.10 created keyring files with world-readable permissions. | fixed | osv:GHSA-p86x-652p-6385 |
| high | any | 0.9.2 | Python Keyring does not securely initialize encryption cipher Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for `CryptedFileKeyring` files, which makes it easier for local users to obtain passwords via a brute-force attack. | fixed | osv:GHSA-p3h7-3c45-qj4v |
| high | any | 0.10 | Incorrect Default Permissions in keyring Python keyring has insecure permissions on new databases, allowing world-readable files to be created. | fixed | osv:GHSA-8867-vpm3-g98g |
| medium | any | 0.10.1 | PYSEC-2019-182: advisory Python keyring has insecure permissions on new databases allowing world-readable files to be created | fixed | osv:PYSEC-2019-182 |
| medium | any | 0.10 | PYSEC-2019-181: advisory Python keyring lib before 0.10 created keyring files with world-readable permissions. | fixed | osv:PYSEC-2019-181 |
| medium | any | 0.9.2 | PYSEC-2012-8: advisory Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack. | fixed | osv:PYSEC-2012-8 |
API access
Get this data programmatically \u2014 free, no authentication.
curl https://depscope.dev/api/bugs/pypi/keyring