Vulnerability Database

308,820

Total vulnerabilities in the database

CVE-2013-4143

The (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockmore before 5.43 do not properly handle when a NULL value is returned upon an error by the crypt or dispcrypt function as implemented in glibc 2.17 and later, which allows attackers to bypass the screen lock via vectors related to invalid salts.

Published: May 30, 2014
Updated: Nov 9, 2025
CVE: CVE-2013-4143
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
david_bagley / xlockmore	5.33	5.33.x
david_bagley / xlockmore	5.29	5.29.x
david_bagley / xlockmore	5.34	5.34.x
david_bagley / xlockmore	5.30	5.30.x
david_bagley / xlockmore	5.35	5.35.x
david_bagley / xlockmore	5.27	5.27.x
david_bagley / xlockmore	5.36	5.36.x
david_bagley / xlockmore	-	5.42.x
david_bagley / xlockmore	5.37	5.37.x
david_bagley / xlockmore	5.40	5.40.x
david_bagley / xlockmore	5.24	5.24.x
david_bagley / xlockmore	5.41	5.41.x
david_bagley / xlockmore	5.38	5.38.x
david_bagley / xlockmore	5.26	5.26.x
david_bagley / xlockmore	5.32	5.32.x
david_bagley / xlockmore	5.31	5.31.x
david_bagley / xlockmore	5.25	5.25.x
david_bagley / xlockmore	5.39	5.39.x
david_bagley / xlockmore	5.28	5.28.x

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo