keyring@0.3 vulnerabilities

Store and access your passwords safely.

Direct Vulnerabilities

Known vulnerabilities in the keyring package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Incorrect Default Permissions

Affected versions of this package are vulnerable to Incorrect Default Permissions. Keyring files are created with world-readable permissions.

How to fix Incorrect Default Permissions?

Upgrade keyring to version 0.10 or higher.

[,0.10)
  • M
Cryptographic Issues

keyring is a Store and access your passwords safely. Affected versions of this package are vulnerable to weak password encryption attacks. Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack.

How to fix Cryptographic Issues?

Upgrade to version 0.9.1 or greater.

[,0.9]