CVE-2013-4143

CVE-2013-4143 is a low-severity vulnerability in David Bagley Xlockmore with a CVSS 2.0 base score of 2.1. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.

Key facts

Description

The (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockmore before 5.43 do not properly handle when a NULL value is returned upon an error by the crypt or dispcrypt function as implemented in glibc 2.17 and later, which allows attackers to bypass the screen lock via vectors related to invalid salts.

Frequently asked questions

What is CVE-2013-4143?
The (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockmore before 5.43 do not properly handle when a NULL value is returned upon an error by the crypt or dispcrypt function as implemented in glibc 2.17 and later, which allows attackers to bypass the screen lock via vectors related to invalid salts.
How severe is CVE-2013-4143?
CVE-2013-4143 has a CVSS 2.0 base score of 2.1, rated low severity.
Is CVE-2013-4143 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (32nd percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2013-4143?
CVE-2013-4143 primarily affects David Bagley Xlockmore. In total, 19 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
How do I fix CVE-2013-4143?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
When was CVE-2013-4143 published?
CVE-2013-4143 was published on 2014-05-30 and last updated on 2026-06-16.

References

Affected products (19)